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IT Challenged on 
Managing Storage, 
Securing Data 


Conference attendees look for ways to improve 
on disaster recovery, backups and encryption 





NEWSPAPER 


BY LUCAS MEARIAN 
ORLANDO 
Despite advances in storage 
technology, IT managers are 
still concerned about their 
ability to secure data, ensure 
it’s available to valid users, 
track who uses it and manage 
it effectively, said attendees at 
last week’s Storage Network- 
ing World conference here. 
Hurricane Wilma, which 
struck southern Florida last 
Monday, offered examples of 
the difficulties of keeping data 


The Fz 


a yd 





available to users after a nat- 
ural disaster, according to one 
IT executive at the show. 

Ralph Barber, CIO at Hol- 
land & Knight LLP in Tampa, 
Fla., said Wilma knocked out 
several branch offices of his 
law firm, which has about 450 
servers and two storage-area 
networks that support about 
3,000 users. 

Holland & Knight replicates 
data between data centers in 
Tampa and Denver and uses 

Securing Data, page 16 
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With spyware identified as a top IT security 
concem, companies are mounting a counter- 
attack with new tools and strategies - and 
they regaining ground. Find out how they're 
banishing the unwanted software. PAGE 23 


Politics Prevail Over Portfolio Management 


Steering committees 
still clash over which 


IT projects to fund 


BY THOMAS HOFFMAN 
LAS VEGAS 
When IT portfolio manage- 
ment software and techniques 
came into vogue a few years 
ago, many IT executives main- 
tained that such tools would 
remove politics from IT proj- 
ect prioritization debates. 
Proponents of the new ap- 
proach said it would enable IT 
steering committees to rank 
the anticipated value of pro- 
posed projects by calculating 
the expected return on invest- 
ment, strategic impact and 
other quantifiable criteria. 
But that promise has not 
been fulfilled, said IT man- 
agers attending the IT Finan- 
cial & Asset Management 





Summit West here last week. 

“IT portfolio management 
techniques don’t help you get 
past politics,” said Becky 
Hamilton, an information 
management director at Pio- 
neer Hi-Bred International 
Inc., a commercial seed pro- 
ducer in Johnston, Iowa, that’s 
a subsidiary of Du Pont Co. 

“I can’t imagine any tool 
would remove organizational 
dynamics” from discussions on 
IT project prioritization, said 
Sam Coursen, CIO at Freescale 
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| Semiconductor Inc. in Austin. 


Coursen, like Hamilton, was 
a speaker at the conference, 
which was organized by the 
International Quality & Pro- 
ductivity Center in New York. 
He noted that Freescale’s ex- 
ecutive committee has a dollar 
cap in place that “forces the 
group to focus on the top 20% 


| of projects that are expected 


to deliver the most value.” 

IT portfolio management 
tools “won't depoliticize any- 
thing,” said Bernie Donnelly, 
vice president of quality assur- 
ance at Philadelphia Stock Ex- 
change Inc. Instead, “it’s about 
having a rigorous process” for 
prioritizing IT projects, Don- 
nelly said. “That’s what works.” 

Some IT managers inter- 
viewed by Computerworld 
over the past four years main- 
tained that IT portfolio man- 

Politics, page 53 
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Bumrungrad Hospital, Southeast 


Asia's largest healthcare facility, created a kid-friendly pediatric clinic out of a 10,000-square-foot (AO de 
medical records unit. How? An ultra-scalable, 4-way Intel’ Xeon’ processor-based system ie 
improved data reliability and made records paperless. Read more about Bumrungrad Hospital's eee 


experience with Intel built in at intel.com/builtin. 
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The new Canon imageRUNNER solutions and support addressed 
Don’s concerns about seamless network integration, secured printing 


and managing network devices. Hence, Don’s no longer concerned. 


s the gatekeeper 


RUNNER® solutions are raising the bar for how well network devices 
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Don’s company isn’t doing business as usual. What about your company? We’re well aware of your daily challenges a 


f your company’s network. And we tot nderstand. That’s why Canon’s imas 
‘re integrated. You’ll appreciate enhanced security features that include a secured print function for document 


for easily managing network devices. In addition, you get entirely new systems across 
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confidentiality, user authentication, NetSpot® and Remote UI 


our full line of imageRUNNER solutions, which offer intuitive technology that works with you, not against you. You SS p 


can also expect your current investment to be leveraged, your concerns to be addressed and the potential of your 


workday to be expanded. Which means no more business as usual. 1-800-OK-CANON www.imagerunner.com « 
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ITIL Catches On 


in the Management section: Users like Kevin 
McLaughlin of Procter & Gamble say the British 
import is gaining popularity as a framework for 
standardizing, integrating and managing IT ser- 
vices delivery. Page 39 





Redefining Cool 


In the Technology section: Chandrakant Patel 
discusses the research that he and the rest of 
the “Cool Team” are pursuing at HP Labs. He 
says it could lead to cooler data centers that 
use 50% less energy. Page 28 | 
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in Depth: Microsoft’s Tech- 
nology Adoption Program lets 
users influence R&D and get 
top-level support. But it’s a 
rigorous process that requires 
substantial commitment. 


10 Unisys looks to shift its 
mainframe line to Intel CPUs, 
although no development 
plans have been set in stone. 


) Atlanta’s airport launches a 
Wi-Fi network for travelers 
and will give users a choice of 
wireless Internet access ser- 
vice providers. 


2 Informatica claims to trump 
IBM’s data integration soft- 
ware with an upgrade. But the 
new version isn’t due to ship 
until April. 


2 The Air Force and the Penta- 
gon plan to integrate their 
Web services registries. 
Global Dispatches: Computers 

in Russia are being attacked 

by two new versions of a 

virus, and an African agency 

urges open-source adoption. 


Skype’s peer-to-peer VoIP 
software presents security 
challenges for IT, as two new 
critical flaws attest. 


Users rethink their disaster 
recovery plans, looking for 
ways to ensure that data can 
be restored. 


)&A: Freescale Semiconduc- 
tor’s new CIO, Sam Coursen, 
discusses his efforts to build 
up an IT operation. 
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23 Spy Stoppers Fight Back. 
The emergence of enterprise- 
class antispyware technolo- 
gies is helping IT gain control 
over the unwanted programs. 


30 QuickStudy: MTBF. Mean 
time between failures is a 
measure of hardware reliabili- 
ty, usually expressed in hours, 
indicating the working life- 
time of a given component. 


34 Security Manager’s Journal: 
Making the Move From IDS 
to IPS. Mathias Thurman 
decides to shift from an 
intrusion-detection system 
to inline intrusion-prevention 
technology. 
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44 Career Watch. Peter Pres- 
land-Byrne of Countrywide 
Financial answers readers’ 
questions on career choices. 
Plus, we look at stupid inter- 
view questions, top books and 
what makes “millennials” so 
different — or not. 


46 Book Reviews: The Human 
Nature of Management. 
Thomas Hoffman offers cri- 
tiques of new titles on leader- 
ship and the people side of 
business process manage- 
ment, as well as an IT project 
management “cheat sheet.” 


48 Managers’ Forum. Paul Glen 
offers advice on how to fix a 
project with too many spon- 
sors and what to do about 
the manager whose informal 
adviser seems to be running 
the show. 


OPINIONS 


8 On the Mark: Mark Hall re- 
ports on a software vendor 
that’s asking, Why not let 
business analysts, rather than 
IT developers, write the rules 
into applications themselves? 


20 Don Tennant heard from read- 
ers after last week’s editorial 
decrying the fact that men in 
IT continue to make more 
money than women. He ac- 
knowledges that there are fac- 
tors that may contribute to the 
disparity, but he believes no 
one can substantiate a claim 
that the status quo is fair. 


20 Virginia Robbins, finding her- 
self involved in yet another 
acquisition, has advice for IT 
managers on either end of 
such transactions. 


Michael Gartenberg believes 
we’re moving beyond “digital 
ubiquity” to a state of “contex- 
tual flow.” 


36 Martin MC Brown prefers 
OpenSolaris to Linux because 
it doesn’t have the distribu- 
tion and compatibility prob- 
lems inherent in Linux. 


54 Frankly Speaking: Frank 
Hayes thinks VeriSign v. 
ICANN will turn out to be 
worth all the trouble — 


for users. 
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Guard Against Titan Rain Hackers 
SECURITY: Chinese hackers are cracking U.S. 
computers and stealing any information 

they can get. What’s more troubling is that 
your company may have been a victim but 
you wouldn’t even know, says security expert 


Ira Winkler. @ QuickLink 57711 


Understanding Microsoft's 
Desktop Migration Tools 

WINDOWS: Two Avanade consultants outline 
some of the features available in deployment 
tools such as Microsoft’s free Solution Accel- 
erator for Business Desktop Deployment. 
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Earliest Adopters Get 
Put to the ‘Test 


Microsoft's testing program lets users influence R&D and get top-tier support. _ 
But it requires a substantial commitment - and some live use of beta code. By Carol Sliwa 


ITH the release 

of the first beta 

copies of Win- 

dows Vista in 
midsummer, Microsoft Corp. 
began ramping up the testing 
process for the next version 
of its client operating system. 
But long before that, a special 
group of corporate testers had 
already started to help shape 
the new software. 

Thirteen companies, includ- 
ing eight with at least 15,000 
PCs each, began working with 
Microsoft on the architecture 
and design of their Windows 
Vista environments about 18 
months ago, when the product 
was code-named Longhorn. In 
April, they got their hands on 
alpha code with a Network 
Access Protection feature they 
had agreed to test. Another 35 
users joined them last May 
and June as part of Microsoft’s 
Technology Adoption Program 
for validating the features, 
functionality and product- 
readiness of Vista, said Linda 
Apsley, a group program man- 
ager for Windows TAPs. 

The TAP process differs 
from an ordinary testing pro- 
gram in that it requires partic- 
ipants to make a commitment 
to run software in live produc- 
tion environments prior to a 
product’s final release. Micro- 
soft runs three different types 
of TAPs across its product 
line: one for product valida- 
tion that was formerly known 
as the Joint Development Pro- 
gram, a rapid deployment TAP 
that was previously called the 
Rapid Adoption Program, and 
a less rigorous product evalua- 
tion program that’s more like 
an advanced beta for IT pros. 

The software vendor used 





to have to do heavy recruiting 
to get companies to partici- 


Microsoft is currently running TAPs for 


the following software: 


@ Windows Vista 


® Windows Server 2003 Release 2 


mie en : 


@ Exchange Server 2003 Service Pack D 
® Live Communications Server 2005 


Letom 4 
@ Network Access Protection 


@ Systems Management Server Version 4 
® Microsoft Operations Manager Version 3 


Beiter: ty 


pate in the Windows TAPs, 
which started with Windows 
2000. Now, Apsley said, there 
are eight to 10 applications for 
each open slot in the Win- 


dows Product Validation 


TAPs, and many participants | 


ask to continue from program 
to program. 

“Our budget is extremely 
tight, and we’re always looking 
for ways to stretch our dollar,” 
said Robert Taylor, CIO for 
Fulton County in Georgia. 





“Agreeing to [take part in] 
TAP meant we could leverage 
our work on testing to get 
more benefits out of our bud- 
get and be a better custodian 
of public funds.” 

The county’s IT department 


two years ago when Windows 
XP Service Pack 2 and Win- 
dows Server 2003 SP1 were 
being developed. It’s currently 
involved in TAPs for Windows 
Vista and Longhorn Server, 
plus Version 4 of Microsoft’s 
Systems Management Server 
(SMS) software, Taylor said. 
TAP participation means 
that some of the county’s best 
IT employees get a chance 
to interact with Microsoft’s 
“A-team” engineers, he noted. 
The county also gains access 


www.computerworld.com 


to Microsoft consultants, 
sometimes on-site, and the 
highest tier of product sup- 
port the vendor has to offer. 
For problems that couldn’t be 
resolved by telephone, Fulton 
County staffers have at times 
boxed up PCs and shipped 
them to the development team 
at Microsoft. 

“We feel like they will not 
let us fail,” Taylor said. But he 
added that he’s still second- 
guessed by CIOs about his de- 
cision to get involved in a pro- 
gram requiring him to use 
software still being developed. 

Microsoft recognizes that 
companies “take a risk to be 
in our program,” Apsley said, 
adding that the company 
matches the risks posed by 
TAP participation with top- 
tier support — responding 
within 15 minutes if a user ex- 
periences a serious problem. 
“My team is measured on how 
well they keep these cus- 
tomers’ businesses in good 
shape,” she said. 

The IT shops that partici- 
pate in the Product Validation 
and Rapid Deployment TAPs 
do have to pay a price by com- 
mitting the time and resources 
necessary to test and deploy 
products on a schedule they 





Small Companies Get Access and Clout Via TAP 


Red Dot, Ping mix with blue-chip corporations on testing work 





Microsoft's Technology Adoption 
Program isn't just for huge corpora- 
tions with thousands of users. Many 
smaller companies get a chance to 
participate - and they're only too 
happy to get the sort of insider ac- 
cess and extra attention that's typi- 
cally reserved for the big guys. 

John-Mark Tucker, an IT manag- 
er at Red Dot Corp. in Seattle, said 
he was flattered to see a business 
with 500 employees get invited to 
the same events on Microsoft's 
campus in Redmond, Wash., as 
companies such as Siemens, Texa- 
co Inc. and Hewlett-Packard Co. 
“When you're in these programs, 
you actually do have a real effect on 
the end product,” Tucker said. 

Red Dot's initial TAP experience 
was restricted to the use of a cou- 
ple machines during the tail end of 


é Normally, a 
company our 
size doesn’t have 
much political pull 
with a vendor. This 
gave us a little 


DAVID CHACON, TECHNICAL 
SERVICES MANAGER, PING 


the testing phase for Windows 
Server 2003, after a third-party 
consulting firm recommended the 
company to Microsoft. The maker 

; Ofheating and air conditioning sys- 

' tems enjoyed the program so much 

' that it signed on early for the TAP 

' for Windows XP Service Pack 2. 

i Tucker said Red Dot is participat- 


ing in TAPs for Windows Vista and 
its Network Access Protection fea- 
ture. The company’s IT staff is start- 
ing with Vista on eight to 10 ma- 
chines but plans to expand the rollout 
to about 50 PCs toward the end of 
this year or early next year, when the 
next major Vista beta arrives. Within 
six months of the final release, Red 
Dot expects to have half of its 170 
workstations on Vista, Tucker added. 
Ping Inc., a Phoenix-based golf 

equipment manufacturer that has 
just under 1,000 employees and 
about 500 PCs, joined the TAP 
process for Windows Server 2003 
in the fourth quarter of 2002, in 
connection with a migration from 

; Novell Inc.'s NetWare to Windows 

' for file-and-print, e-mail and appli- 

' cation servers. i 

“Normally, a company our size 


doesn't have much political pull 
with a vendor,” said David Chacon, 
a technical services manager at 
Ping, which is a subsidiary of 
Karsten Manufacturing Corp. “This 
gave us a little leverage.” 

Chacon noted that having con- 
sultants from Microsoft and outside 
firms on hand to help with the shift 
from NetWare Directory Services to 


; Active Directory was a significant 


benefit, as Ping’s IT staff worked to 
gain Windows skills. “Going from 
NetWare to Windows would have 
been a huge cost for us to bear on 
our own,” he said. 

But although Ping will consider 


participating in future TAPs, it won't 


be rushing to join the Windows Vista 
program. “We just need a little bit of 


i abreather,” Chacon said. “You have 


to analyze the opportunity and see 
how it fits with your business goals.” 
- Carol Sliwa 
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agree to with Microsoft. 

“Tt is a two-way street,” said 
Les McCarter, director of IT in- 
frastructure and operations at 
Hawaiian Electric Co. “With 
each new release of the beta 
software, we had to make sure 
we had it installed on x number 
of machines — not just test 
machines, but machines 
that were running in a live 
environment.” 





The Honolulu-based power 
company started 
deploying Win- 
dows XP SP2 
within its IT de- 
partment as part 
of the TAP 
process and later 
extended the test 
code to users of a 
representative 
sample of its ap- 
plications, as 4 
well to other end 
users who were Wi 
willing to try 
beta software. 

McCarter said 
that despite some 
concerns about running beta 
code on live systems, Hawaiian 
Electric was anxious to get the | 
security-focused SP2 release, 
which it wanted to deploy si- 
multaneously with Office 2003 
to its 1,500 end users. With 
each new release of the SP2 
beta code, the company retest- 
ed its applications to make 
sure they remained compati- 
ble. At one point, when an ap- 
plication didn’t run well with 
the firewall built into Win- 
dows XP, Microsoft postponed 
the release of a public beta so 
it could fix the problem, Mc- 
Carter said. 

“My technical staff was 
amazed that our reported prob- 
lem contributed to a publicly 
announced postponement,” he 
said. “We felt we made a mark 
on the final XP release.” 

McCarter said the effort was | 
worth it for this particular sce- 
nario, but he’s not sure if the 
utility will sign up for another 
TAP. “We look back and debate 
whether we would do it again, 
because it did require a fair 
amount of effort on our side,” 
McCarter said. “If you commit 
to this, it forces you to dig deep 
into the technology. It’s not 


Ns 


We feel like 
[Microsoft] 
not let us fail. 
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ROBERT TAYLOR, 
ClO, Fulton County, Ga. 





something to take on lightly.” 


For some, the extra assistance 
is tough to resist. Gunnar 
Thaden, CIO at Tuev Nord 
Group in Hannover, Germany, 
said he was astonished to see 
Microsoft essentially copy his 
company’s 40-server installa- 
tion at its Redmond, Wash., 


campus for testing of SMS 2003. | 
| issues with Windows 2000. 


During a week’s stay there as 
part of the SMS TAP, Thaden 
worked with the vendor’s engi- 
neers and SMS developers 
from 8:30 a.m. to 10 
p.m. and saw nu- 
merous Microsoft 
employees work 
one night from 10 
p.m. to 4 a.m. to fix 
a particularly nag- 
ging problem. 

Tuev Nord, a 
technical services 
provider with a 
workforce of more 
than 7,000, is par- 
ticipating in TAPs 
for Windows Vista, 
SQL Server 2005, 
Office 12 and the 
Network Access 
Protection technology. Thaden 
estimated that his IT staffers 
spend an average of 15 hours 
per week on TAP activities. 
But he added that on some 
days, it might be just an hour, 
while on others, they might 
devote the entire workday to 
the testing program, he said. 


Access to Labs 
Siemens AG has been involved 
in more than 80 TAPs during 
the past seven years and is 
currently participating in a 
dozen. The electrical and elec- 
tronic products manufacturer 
wants to make sure that any 
products it deploys will scale 
for its nearly 400,000 PCs 
worldwide, said John Minnick, 
an Alpharetta, Ga.-based enter- 
prise architect at Siemens. 
Siemens also finds it impor- 
tant to have access to Micro- 
soft’s labs, where it can bring 
together a global team in one 
spot, Minnick added. “We're 
driving the leading edge, not 
just following it. That’s the 
benefit of TAP,” he said. 
Minnick noted that Siemens 
has submitted more than 520 
design-change requests and 
bug reports to Microsoft as 
part of the TAP process. In ad- 


| 
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dition, the company’s partici- 
pation has helped it make deci- 
| sions about product deploy- 


| 
| 
| 
| 
! 
| 
| 
| 
| 


ments. For example, Minnick 
said, Siemens didn’t deploy 
Exchange Server 2000 because 
of the software's lack of dis- 
tributed administration capa- 
bilities. It also had scalability 


“If it wasn’t for the partici- 
pation in TAP programs, we 
would not have been able to 
explain why it was a show- 
stopper when the product was 
released,” Minnick said. 

Denver Health and Hospital 
Authority Inc. couldn’t get a 
scripting tool to work during a 
four-week TAP that included 
migrating its Microsoft SNA 
gateway servers to the ven- 
dor’s Virtual Server software. 
Microsoft and its consulting 
partner, Interlink Group Inc. 
in Englewood, Colo., couldn’t 
get the tool to work either, ac- 
cording to Michael Brown, a 
former support services man- 
ager at Denver Health who 
recently left to work for Sun 
Microsystems Inc. 

The Microsoft utility would 
have eliminated the need for 


| the not-for-profit health care 


provider to manually build 
virtual servers on a one-by- 
one basis. Brown said Denver 
Health’s IT department ulti- 
mately opted for a tool from 
Toronto-based PlateSpin Ltd. 
Because Brown viewed the 
scripting tool only as “the 
cherry on top,” he still consid- 
ered the Virtual Server TAP to 
be a success, as Denver Health 
consolidated 14 physical 


| servers to four. The company 


has also participated in TAPs 
for Exchange Server 2000 and 
Active Directory as well as 
SMS 2003, he said. 

But users shouldn’t sign up 
for TAPs without giving it some 
thought, Brown cautioned. 


“You have to make sure a pro- 


gram like this is going to meet 
your expectations,” he said. 
“You have to go in with a very 


specific reason.” @ 57875 


MORE ONLINE 


Microsoft exec Jim Alichin says changes in 
the Windows engineering process have led 
to higher-quality beta software: 
QuickLink 57896 
www.computerworld.com 
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Microsoft's 
Technology 
Adoption 
Program. 


PRODUCT VALIDATION 


PURPOSE: To get customer input about products throughout 
the development cycle. The programs are driven by Microsoft's 
engineering teams. 


USER PARTICIPATION: The Windows Vista program now 
includes 48 enterprise-class users, midsize businesses and 
resellers. Microsoft expects to add 30 to 40 small to medium- 
size companies. 


REQUIREMENTS FOR PARTICIPANTS: Work with Micro- 
soft’s product teams to develop deployment plans; provide 
feedback on products and bugs; deploy beta releases during 
agreed-upon time periods; and go live with Beta 2 and Release 
Candidate versions for agreed-upon numbers of end users. 








SELECTION CRITERIA: Microsoft seeks a mix of users to under- 


stand how products work across different vertical industries, as 
well as a blend of small, midsize and large companies, international 
users, systems vendors and resellers. The depth of a company’s 
internal Microsoft support staff is considered, as is its relationship 
with Microsoft Consulting Services. Customer business scenarios 
also are taken into account. 


RAPID DEPLOYMENT 


PURPOSE: To help companies deploy products and collect 
feedback about the challenges they encounter. 


USER PARTICIPATION: The Windows Vista program now has 
500 users worldwide - 250 enterprise companies (more than 
2,500 PCs), 150 midmarket companies (50 to 2,500 PCs) and 
100 small businesses (fewer than 50 PCs). 


REQUIREMENTS FOR PARTICIPANTS: Enterprise users 
must deploy products on 100 seats when the Release Candi- 
date version ships and on 1,000 desktops within six months of 
the software's release to manufacturing. Small and midsize 
companies have to install software on 20% to 30% of their 
seats within six months of a product's release to manufacturing. 


SELECTION CRITERIA: Users are nominated by Microsoft 
account teams, sales representatives or business partners. 
Nonenterprise customers can also apply to Microsoft directly. 
The vendor considers past experience with TAPs and the level 
of customer commitment to deploying products. 











TL 
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AT DEADLINE 


Oracle Beats SAP 
For Air Force Deal 


Oracle Corp. beat out SAP AG 
and other vendors to win a multi- 
year, $88.5 million contract with 
the U.S. Air Force, which includes 
a closely watched deal to build a 
new logistics system. The new 
Expeditionary Combat Support 
System is intended to replace 
more than 500 IT systems with 
an integrated, commercial supply 
chain management system. 


MSN, Office Execs 
Resign Posts .. . 


Hadi Partovi, general manager of 
the MSN portal, and Don Gagne, 
director of development for Of- 
fice, have both resigned their 
posts at Microsoft Corp. Partovi, 
a key developer in an MSN incu- 
bation project called Start.com, is 
leaving to pursue other interests. 
Gagne is leaving after 11 years to 
pursue his hobby of racing cars 
full time. 


. .. As Microsoft 
Posts Solid Quarter 


Microsoft said its first-quarter 
profit rose 24%, and revenue was 
up 6%. The company said its core 
platform software - including SQL 
Server, whose sales rose 15% 
over the past year, Exchange and 
Windows Server - were solid per- 
formers in the quarter. 


MICROSOFT BY THE NUMBERS 


ECE sous 
$9.19B fa 


VeriSign, ICANN 
Settle Lawsuit 


VeriSign Inc. has settled a lawsuit 
that accused the Internet Corpo- 
ration for Assigned Names and 
Numbers of delaying new domain- 
name services. VeriSign, which 
manages the .com and .net do- 
mains, had accused ICANN of 
overstepping its authority by 
dragging its feet in letting Veri- 
Sign offer new services. (See also 
Frankly Speaking, page 54.) 
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Rewrite the Rules 
About Writing . . . 


... business rules. The first new rule? Get IT out of the 
equation. That’s what David Straus suggests. Straus is 
senior vice president of sales and marketing at San 
Mateo, Calif.-based Corticon Technologies Inc., 
which develops an array of software designed to let 


business 
analysts and 
managers 
turn their 
own business 
rules into 
executable 
code. Ac- 
cording to 
Straus, “any- 
one with a 
logical mind” 
can use Cor- 
ticon’s Rules Modeling Studio 
tool. He says a business rule 
consists of a condition and its 
values, plus an action and its 
values. End users point and 
click their way through the 
software and use everyday 
English to complete the form 
that creates the rules. Once 
they’re happy with a new 
rule, they compile the code 
and test it for logic flaws. 
Corticon’s software checks all 
the possible combinations of 
conditions and actions in the 
rule. By the end of November, 
the company plans to add an 
Analysis Server to its product 
line. The new software can be 
used to create what-if scenar- 


STRAUS 
Get IT out of 
business-rule- 
aca) 
TS oe 


| ios prior to building business 
rules. Pricing varies based on 
the implementation, but 
Straus says an average value 
of a Corticon sale is about 
$25,000 for 15 seats. 


Shed some light on 
the state of your... 
... IT development projects. 
Lighthouse, a new service 
from Artifact Network Inc. in 
Baltimore, monitors IT proj- 
ects and gives CIOs, project 
managers, tech staffers and 
other corporate execs user- 
specific dashboard views of 
everything from milestones 
achieved (or not) to how far 
along you are on defect reme- 
diation. Artifact CEO Mark 
Wesker 
likens Light- 
house to “an 
early warn- 
ing system” 
for troubled 
projects. 
¥ Budget- 
minded man- 
agers might 
get warnings 
about project 





Offers “early 
warning sys- 
tem” for IT. 


| Revenge tool from 


| ... the power to make its devel- 





costs, while development 
managers will be notified 
about bug-fix rates. By click- 
ing on the red warning but- 
tons, you can drill down to 
the specifics of the crisis at 
hand. The service integrates 
with Microsoft Project. Arti- 
fact is developing a Web ser- 
vices interface and will add 
custom reporting functions to 
a version of Lighthouse that’s 
supposed to be ready early 
next year. Subscription 
pricing varies by user, but 

an unlimited-projects and 
unlimited-users option 

runs $2,500 per month. 


Microsoft gives you . . . 


opers feel your pain. Called 
WSYP (for “we share your 
pain”) and created by Micro- 
soft Corp.’s U.K. branch, the 
new tool lets you enact some 
justice upon specific Micro- 
soft developers whose pro- 
gramming flaws have caused 
you headaches. Microsoft has 
created an instructional video 
on how WSYP works, and it’s 
worthy of everyone’s 
attention. (Go to 1 





www.microsoft.com/ 
uk/technet/ 
itsshowtime/ 
sessionh.aspx? 
videoid=9999, then 
click on the “See a 
preview” link.) WSYP 
is an excellent model 
that other software vendors 
should emulate — if not with 
a similar tool, then at least 
with, shall we say, the same 
attitude. 


Mac Mini gets a 

PC cousin for... 

. .» Windows and Linux. The 
Mini PC from AOpen Ameri- 
ca Inc. in San Jose is due to 
reach retail shelves in late 
November. The device, which 
is 6.5 in. square and less than 
2 in. high, will come with a 
Celeron processor, two USB 
ports, an Ethernet link, built- 
in wireless networking, a CD- 





Number of 
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HOT TECHNOLOGY TRENDS, NEW PRODUCT 
NEWS AND INDUSTRY BUZZ BY MARK HALL 


Mini PC, plus needed accessories 


ROM drive and a DVD burn- 
er. The system also can be 
configured with up to 120GB 
of storage and 1GB of RAM. 
According to Chris Liu, vice 
president of product market- 
ing at AOpen, the little PC 
will appeal to business users 
who need systems to run 
kiosks or digital signage. Liu 
says a Linux model will retail 
for $399, while a Windows 
version will cost $499, The 
monitor, mouse and keyboard 
are sold separately, of course. 


The best BitDefender 
beta tester can give... 
. .. his liver a workout with the 
prize: 1,000 German beers. You 
could win after putting the 
beta version of an upgrade 
of Softwin SRL’s Bit- 
Defender Mail Protec- 
tion for Enterprises 
through its paces. The 
Bucharest, Romania- 
based maker of anti- 
virus software for Lin- 
ux has posted a few 
simple rules for the 
contest, which ends 
Jan. 15. Testers register online 
and post bugs that they find 
to the beta-test mailing list. 
Softwin’s developers then re- 
view the found flaws, and the 
company’s judges rate the 
number and severity of the 
bugs to determine the winner. 
Oh, and in addition to drink- 
ing Bitburger or Beck’s to 
your heart’s content and liv- 
er’s distress, you'll also win 

a trip to Romania — where, 
Softwin claims, you'll get to 
meet Count Dracula. How- 
ever, your blood-alcohol 
level might scare him away. 


@ 57840 
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Unisys Maps Possible Shift of 
Its Mainframes to Intel Chips 


Joint development deal with NEC sets 
stage for move from proprietary CPUs 





BY PATRICK THIBODEAU 
NISYS CORP. is 
putting all of its 
mainframes on an 
Intel hardware path 

and ultimately may end the 

use of its internally developed 

CMOS processors. 

The potential shift of the 
full ClearPath mainframe line 
to Intel Corp.’s CPUs stems 
from a joint development 
agreement that Unisys an- 
nounced last week with NEC 
Corp. for high-end servers. 
But there aren’t any specific 
development plans yet, and a 
Unisys spokesman described 
the interest in Intel processors 
on ClearPath as “directional” 
— not carved in stone. 

The partnership with NEC 
came one week after Unisys 
posted a preliminary third- 
quarter loss of $54.3 million 
and disclosed plans to cut its 
36,000-person workforce by 
10% over the next year. 

The Blue Bell, Pa.-based 
company also said it would 
focus resources on high- 
growth technology markets 
while continuing to invest in 
operating systems and soft- 
ware development for Clear- 


Path and its ES7000 server line. 


Growing Stronger 
Greg Schweizer, a systems 
administrator and Unisys 
mainframe user at Oregonian 
Publishing Co. in Portland, 
Ore., said any move by the 
vendor away from hardware 
development, combined with 
an increased focus on soft- 
ware and services, “should 
make Unisys stronger.” 

Schweizer also said he 
may be able to save money if 
Unisys lets users move its OS 
2200 mainframe operating 
system to servers based on 
commodity processors. 

Road maps detailing the 
product development plans 





with NEC won't be available 
until the two companies final- 
ize their agreement in the first 
quarter of 2006, said Unisys 
spokesman Guy Esnouf. 

A migration away from the 
CMOS processors will depend 


| on Intel’s ability to at least 


match their performance, ac- 
cording to Esnouf. He added 
that regardless of what deci- 
sion is made on the hardware, 
Unisys will continue to devel- 
op and support OS 2200 and 
MCP, its other mainframe op- 





erating system. Some Clear- 
Path models with MCP al- 
ready can run on Intel chips 
(see box). 

“Obviously, we’re not going 
to do anything until we’re hap- 
py that the Intel processor 
technology is where it needs 
to be,” Esnouf said. “In time, 
we would plan that ClearPath 
would run on Intel rather than 
on the current CMOS. But 
we're not going there now.” 

Esnouf also said that if users 
want to stay on the CMOS 
hardware in the future, “that’s 
where they will stay. We’re not 
going to try to force them off.” 

Marian Ritland, develop- 
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Airport Builds Big Wi-Fi Network, 
Signs Up Rival Access Vendors 


Atlanta facility 
adds cell towers, 
operations center 


BY MATT HAMBLEN 
Atlanta’s international airport 
last week launched a large 
Wi-Fi hot spot that gives trav- 
elers a choice among several 
competing wireless Internet 
access services and is part of a 
wider upgrade of the facility’s 
network infrastructure. 

Hartsfield-Jackson Atlanta 
International Airport is the 
first airport in the U.S. to offer 
Wi-Fi services from rival out- 
side vendors, CIO Lance Lyttle 
claimed. The competition has 
already brought prices down, 
he said. 

For example, before the offi- 
cial launch, Boingo Wireless 
Inc. had been offering one-day 
Wi-Fi access to users for $9.95. 
When rival Concourse Com- 
munications Group LLC of- 
fered a daily price of $7.95, 
Boingo cut its rate to two days 
for $9.95, Lyttle said. 

In addition to installing the 
Wi-Fi network, the IT staff 





at Hartsfield-Jackson has 
added cell towers to support 
both voice calls and users 
who have purchased laptop 
cards for wireless broadband 
data access instead of Wi-Fi 
connections. 

But the availability of more 
choices could add to the bur- 
den on IT managers who sup- 
port e-mail and Internet con- 
nectivity for business travelers 
and who should be monitoring 
their remote connections to 
keep costs from getting out of 
hand, said Ken Dulaney, an an- 
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alyst at Gartner Inc. 

“A big issue, in my opinion, 
is how enterprises will control 
costs in light of all these op- 
tions,” Dulaney said. 

He added that to help keep 
costs down, companies must 
create profiles of different 
user types, allocate money to 
support each type of user and 
track what is spent on each ac- 
cess method. 

The Wi-Fi network in At- 
lanta has 150 access points cov- 
ering all 5.8 million square feet 
of terminals and nearby areas, 
Lyttle said. Cisco Systems Inc. 
provided the equipment for the 
network, which cost about $1.5 
million to build. 


Other Improvements 
Combined with other network 
improvements, including the 
addition of the cell towers and 
a new network operations 
center, the airport is spending 
a total of about $4.5 million, 
according to Lyttle. 

Some airlines already have 
their own Wi-Fi hot spots that 
work only near their gates at 
the airport, Lyttle said. The 





ment and operations manager 
at the University of Wiscon- 
sin-Eau Claire, runs an MCP- 
based ClearPath mainframe 
that’s powered by Intel chips. 
She said it has been obvious to 
users that Unisys is heading 
toward a single hardware plat- 
form for its mainframes. 

But Ritland, who is also 
chairwoman of the Unite Inc. 
Unisys user group in St. Clair 
Shores, Minn., said the vendor 
is moving cautiously and giv- 
ing users a choice of technolo- 
gies “at a pace that allows peo- 
ple to pick and choose.” 

Because the CMOS-based 
mainframes are “a legacy and 
presumably shrinking market 
opportunity, it’s hard to see 
Unisys being able to justify 
continued processor develop- 
ment there,” said Gordon Haff, 
an analyst at Illuminata Inc. in 
Nashua, N.H. @ 57868 


airportwide network was de- 

signed not to interfere with 

the existing ones, he noted. 
Lyttle said that about 21,000 


| users have signed up for Wi-Fi 


services at the airport since 
early September, when the 
network began operating on 
a trial basis. 

The three Wi-Fi providers 
are Santa Monica, Calif.-based 
Boingo, Chicago-based Con- 
course and Sprint Nextel 
Corp. Each has a contract with 
the airport authority, which 
owns the network. 

Internet access via Wi-Fi 
will be enhanced by a fiber- 
optic backbone that was in- 
stalled in an earlier phase of 
the project, Lyttle said. He 
added that the network is de- 
signed to eventually support 
voice over Wi-Fi and that air- 
port officials are assessing the 
needs of business travelers for 
that technology. 

In addition to public Wi-Fi 
services, Hartsfield-Jackson 
is offering separate access to 
about 800 airport workers for 
daily business operations and 
to concessions and public- 
safety employees, Lyttle said. 
Voice and video communica- 
tions over Wi-Fi are expected 
to be important applications 
for public safety, he noted. 

@ 57839 
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Industry Vets Unveil 


At In-Stat’s Fall Processor Forum, 
a group of chip industry veterans 
announced a new company and 

a low-power dual-core chip based 
on IBM's Power architecture. The 
founders of 2-year-old PA Semi 
Inc. include Dan Dobberpuhl, a 
lead architect of the Alpha and 
StrongARM processors. The first 
chip in the PWRficient family is 
the PA6T-1682M. 


CA Posts Quarterly 
Sales, Profit Gains 


Computer Associates Interna- 
tional Inc. reported increases in 
second-quarter sales and profits, 
which CEO John Swainson called 
a solid sign of the work CA’s new 
management team is doing to 


strengthen the battered company. | 


CA BY THE NUMBERS 


Microsoft Unveils Bl 
Tools for Office 12 


Microsoft Corp. has unveiled a 
host of business intelligence fea- 
tures for the Excel and SharePoint 
components of the next version of 
Microsoft Office, code-named Of- 
fice 12. The BI updates, which in- 
clude integration with SQL Server 
2005, are part of an effort to posi- 
tion the software as more than just 
a productivity suite. Office 12 is 
expected to ship next year. 


Intel Changes Plans 
For Server Chips 


Intel Corp. has made several 
changes to its road map for serv- 
er processors. The chip maker 
has delayed the release of its first 
dual-core Itanium 2 processor 
until mid-2006 and is replacing a 
planned multicore Xeon processor 
with a design that eliminates the 
performance penalty of shared 
connections to a chip set. The 
company also has killed White- 
field, a multicore Xeon processor. 
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Informatica Plans Upgrade, 


Blends data integration tools into single 


| BY ERIC LAI 


NFORMATICA CORP. claims 
that the features in its up- 
coming PowerCenter 8 
data integration software 
trump those offered by its top 
competitor, IBM — a con- 
tention that IBM took issue 


| with last week. 


Users and analysts said the 


| truth lies somewhere in the 


middle, depending on whether 
an IT organization needs the 
lighter, all-in-one functionality 
being promised by Informati- 
ca or the heavier but more 
robust tools that IBM sells. 
“Informatica is more like a 
Swiss Army Knife, and IBM is 
more like a toolbox,” said Eric 
Rogge, an analyst at Ventana 
Research Inc. in San Mateo, 
Calif. “If you’re going on a 


wee 





| suite; shipments aren’t due until April 


hike, you may not want to lug 
around a heavy toolbox. But if 
you're building a house, you 


| wouldn’t want to use a Swiss 


Army Knife.” 

Redwood City, Calif.-based 
Informatica and IBM’s infor- 
mation integration division — 
which was bolstered in April 
when IBM bought Ascential 
Software Corp. for $1.1 billion 
— are battling for supremacy 
in the growing market for data 
integration software. 


Feature Claims 
Informatica plans to announce 
Version 8 of PowerCenter this 
k, although it isn’t due for 
general release until April. It 
will be available by year’s end 
on a limited basis. 

Ivan Chong, vice president 


Air Force, DOD Set to Link 
Web Services Registries 


BY HEATHER HAVENSTEIN 
The USS. Air Force and U.S. 
Department of Defense plan 
to merge part of their Web 
services registries to allow 
the sharing of such services 
throughout the military. 

In recent months, the pro- 
gram office charged with inte- 
grating all Air Force combat 
support systems, the Globai 
Combat Support System-Air 
Force Team (GCSS), has been 
using registry technology to 
catalog its growing stable of 
Web services. 

Six months ago, the GCSS 
launched the Core Discovery 
Service, which is based on reg- 
istry technology from Systinet 
Corp. in Burlington, Mass., to 
let users access Web services 
and other enterprise services. 

Officials are also using the 
system, the first production 
discovery service used by the 
USS. military, to promote the 





use of the Web services and to 
help whittle down the number 
of disparate combat support 

systems and data sources cur- 


| rently in place. 


Over the next month, the 
GCSS plans to integrate the 
Core Discovery Service with a 
pilot discovery service, also 
based on Systinet technology, 
created by the Defense De- 
partment. This integrated sys- 
tem will let users from all mil- 
itary branches access GCSS 
Web services. 

The GCSS also is using its 
discovery service to help con- 
solidate multiple databases, 
data warehouses and analytic 
tools used for combat systems, 
said Lt. Col. Joe Besselman, 
program manager for the Air 
Force GCSS. 

The GCSS program was 
launched nine years ago to 
consolidate 600 systems, in- 
cluding many redundant data- 





Looks for Edge Over IBM 


Company, New Chip | 


of product marketing at Infor- 
matica, said PowerCenter 8 
will be the first product of its 
kind to offer users a seamless- 
ly integrated platform. Fea- 
tures include the ability to “fed- 
erate” historical information 
in data warehouses with real- 
time transaction data, he said. 
Mark Register, chief market- 
ing officer at IBM’s integration 
division, retorted that his 
unit’s family of software tops 
Informatica’s products on the 
strength of its features, despite 
the fact that PowerCenter 8 has 
a so-called push-down opti- 
mization feature that allows 
data transformations to be 
done within a database. IBM 
hasn’t seen much demand for 
that capability, Register said. 
IBM is beta-testing a com- 
bined version of the IBM and 
Ascential integration tools in 
an initiative known as Project 


bases, Besselman said. The 
GCSS has so far cut that num- 
ber to 150 systems and plans to 


| further cut the total to 120 by 


2010, he said. 

“Our goal is to eliminate the | 
silos — the duplicating ware- 
houses and data marts — 
wherever possible,” Bessel- 
man said. 

For example, the GCSS is 
using registry technology to 
build an enterprise data ware- 
house, which will help elimi- 
nate multiple analytic tools 
and mini data warehouses that 
were custom-built in various 
Air Force departments. 


The Air Force GCSS pro- 
i Our goal is 

to eliminate 
the silos - the dupli- 
cating warehouses 
and data marts - 
wherever possible. 


LT. COL. JOE BESSELMAN, 





PROGRAM MANAGER, AIR FORCE GCSS 
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Hawk. The software is sched- 
uled to be released next year, 
said an IBM spokeswoman 
who wouldn’t disclose a more 
specific shipment date. 

Ace Hardware Corp. began 
using Informatica’s software 
four years ago for basic ex- 
tract, transform and load jobs 
on batch data, said Mark 
Cothran, a data warehouse 
architect at the Oak Brook, 
Ill.-based retailer and a Power- 
Center 8 beta tester. Now the 
5,000-store cooperative uses 
PowerCenter to translate or- 
ders from an e-commerce ser- 
vice provider into a DB2 data- 
base format in near real time, 


| said Cothran. Even though 


Ace primarily runs IBM sys- 
tems, he said IBM hasn’t asked 
him to switch to its data inte- 
gration software. “I haven’t, 
and I wouldn't,” Cothran said. 
In contrast, Atique Shah, ex- 
ecutive vice president of CRM 
at Churchill Downs Inc., home 
of the Kentucky Derby, said he 
chose Ascential’s DataStage 
software 18 months ago in a 
bake-off that included Infor- 
matica’s tools. @ 57871 


gram has so far standardized 
on data warehouse technology 
from NCR Corp.’s Teradata 
unit, Microsoft Corp.’s SQL 
server database, Business Ob- 
jects SA’s reporting tools and 
Cognos Corp.'s analytic tools. 

Since building the discovery 
service, the program has been 
able to provide near-real-time 
status reports for any aircraft 
globally by fusing data views 
from flight line, maintenance 
and supply systems in the en- 
terprise data warehouse, 
Besselman added. 

Anne Thomas Manes, an 
analyst at Burton Group in 
Midvale, Utah, said corpo- 
rate IT operations are also 
beginning to use registries to 
manage Web services, data 
sources, data feeds, reports 
and metadata. 

“A registry also provides a 
foundation for management 
and governance, [and] compa- 
nies can use the registration 
process to verify that services 
meet certain criteria required 
before promoting into produc- 
tion,” she added. @ 57865 
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Extortion Viruses Target 
Systems in Russia Again 


LONDON 

WO NEW versions of a virus that 
T= first reported in May are be- 

ing used to stage renewed attacks 
against computers in Russia, security 
researchers said last week. The viruses 
encrypt files, and their authors attempt 
to extort money from victims in return 
for decoding the data. 

The viruses, called JuNy.A and 
JuNy.B, search for more than 100 file 
types by extension, according to a 
warning issued by San Diego-based 
Websense Inc. The renewed attacks 
were first reported on 
a blog published by 
Kaspersky Lab in 
Moscow. 

So far, the distribution 
of the new viruses ap- 
pears to be limited to Rus- 
sia. They’re similar to the 
so-called gpcode virus 
that struck that country 
in May, said David Emm, a 
senior technology consul- 
tant at Kaspersky’s office 
in Abingdon, England. 

Emm said it’s suspected 
that the viruses enter a 
computer after a user 
visits a certain Web site, 
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either by exploiting a vulnerability on 
the system or activating after the user 
runs executable code containing the 
viruses. 

m JEREMY KIRK, iDG NEWS SERVICE 


African Agency Urges 
Open-Source Adoption 


LUSAKA, ZAMBIA 
HE new Partnership for Africa’s 
T bevstonment (NEPAD) is urging 
African governments to embrace 
open-source software for their systems 
in a bid to encourage indigenous soft- 
ware development projects. 

While there have been some open- 
source initiatives on the 
continent, including the 
Impi Linux project in 
South Africa, such tech- 
nologies aren’t widely 
used, according to Abel 
Chambeshi, Zambia’s 
minister of transport and 
communications. 

Chambeshi, who spoke 
at an international work- 
shop on free and open- 
source software here 
last week, said that the 
NEPAD has issued guide- 
lines on open-source us- 
age as part of its effort 
to help boost adoption. 





The NEPAD, based in Johannesburg, 
South Africa, is chartered to finance 
economic development projects in 
Africa and has been trying to spur 
improvements in the continent’s IT 
infrastructures. 
mw MICHAEL MALAKATA, IDG NEWS SERVICE 


Munich’s Vendors Slow 
To Migrate Apps to Linux 


MUNICH 

HE MIGRATION of some 300 busi- 
Tes applications from Windows 

to Linux is among the top chal- 
lenges facing the city of Munich as it 
embarks on one of the largest public- 
sector open-source projects in Europe 
to date. 

“We knew from the start that migrat- 
ing our many city administration- 
specific applications would not be 
easy. And it isn’t, frankly,” said Florian 
Schiessl, one of the managers of the 
city’s Linux migration project. The 
project, called LiMux, will deploy 
Linux on 14,000 PCs. 

Schiess] declined to say how many 
applications have been migrated. He 
said that one-third of the city’s soft- 
ware suppliers have a migration path 
and another one-third claim they are 
working to create one. The rest of the 
vendors have remained mum, accord- 
ing to Schiessl. “Our goal is to have 
80% of our applications migrated by 
2008,” he added. @ 57843 
w JOHN BLAU, IDG NEWS SERVICE 
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Briefly Noted 


LM Ericsson Telephone Co. in 
Stockholm last week agreed to buy 
parts of Marconi Corp. for £1.2 bil- 
lion ($2.1 billion U.S.). As part of 
the deal, Ericsson gets the Marconi 


Advanced Micro Devices Inc. has 
licensed the core technology in its 
Geode microprocessor to Beijing 
University and China’s Ministry of 
Science and Technology. The two 
organizations plan to use the tech- 
nology to develop low-power and 
embedded processors for consumer 
and commercial applications. 

mw SUMNER LEMON, IDG NEWS SERVICE 


The Office of the U.S. Trade Rep- 
resentative has launched an inves- 
tigation through the World Trade 
Organization to obtain information 
on China’s procedures for enforcing 
intellectual property rights. The 
move, which stops short of a formal 
complaint, is aimed at pressuring 
Chinese officials to step up efforts 
to fight software piracy. 

m STACEY COWLEY, IDG NEWS SERVICE 


Skype Flaws Prompt Warnings 


Peer-to-peer VoIP 
software could 
pose dangers to IT 


BY JAIKUMAR VIJAYAN 
The growing use of free Inter- 
net telephony software from 
Skype Technologies SA could 
soon create the same security 
challenges posed by other 
peer-to-peer technologies, say 
security experts. 

The warnings come after last 
week’s disclosure of two criti- 
cal flaws in Skype's software, 
one of which could allow ma- 
licious hackers to take control 
of compromised systems. Fix- 
es for both problems have been 
released, the company said. 


Skype, which eBay Inc. ac- 
quired last year in a $2.6 bil- 
lion deal, offers downloadable 
software that lets PC users 
make free Internet telephone 
calls to one another and low- 
cost calls to telephone users. 

Luxembourg-based Skype 
claims more than 61 million 


| registered users. About 30% of 


that total use the software for 
business purposes, it said. 
| Andreas Wuchner-Bruhl, 
head of global IT security at 
Novartis Pharma AG in Basel, 
Switzerland, cited two prob- 
lems created by the spread of 
Skype in corporate settings. 
“The major one is around 





availability,” he said. “Skype 
can use a lot of network band- 





width, which may interfere 
with business applications and 
services.” Wuchner-Bruhl said 
another problem with Skype is 
that it’s a security threat. He 
noted that “every nonstandard 
application can add unneces- 
sary risks to your environ- 
ment.” 

Gartner Inc. suggested in an 
advisory that eBay’s purchase 
of Skype could trigger devel- 
opment investments to make 
Skype more suited for corpo- 
rate use. 

In the meantime, Gartner 
advised business users to 
refrain from using “voice ser- 
vices based on proprietary 
protocols like Skype while on 


! corporate networks, because 





of network security issues.” 

There are several reasons 
for such concerns, according 
to industry experts. “Skype is 
VoIP on steroids,” capable of 
punching holes through many 
typical corporate network de- 
fenses, said Tom Newton, 
product manager at Smooth- 
Wall Ltd., a vendor of firewall 
and other security products in 
Leeds, England. 

Like other peer-to-peer 
technologies, Skype allows its 
users to establish direct con- 
nections with one another. 

Skype is also “port agile,” 
meaning that if a firewall port 
is blocked, Skype will seek 
other open ports to establish 
a connection, Newton said. 

As a result, Skype could 
provide a back door into oth- 
erwise secure networks for 
Trojan horses, worms and 





viruses, Newton said. It could 
also provide a channel for cor- 
porate data to be freely shared 
among users without any se- 
curity considerations, he said. 

Skype uses a proprietary 
protocol instead of standard 
protocols, such as the Session 
Initiation Protocol, used by 
vendors of commercial voice- 
over-IP products. Thus there 
may be “unknown vulnerabili- 
ties” in Skype, said John Pesca- 
tore, an analyst at Gartner. 

So far, there have been no 
major attacks directed against 
Skype. But its growing in- 
stalled base will inevitably 
make it a hacker target, accord- 
ing to analysts. As a result, 
companies need to keep a close 
eye on both the sanctioned 
and the nonsanctioned use 
of Skype on their networks, 
Pescatore said. @ 57862 
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NEWS 


Users Are Rethinkin 
Disaster Recovery Plans 


Bank dumps its 
outsourcer, brings 
program in-house 


BY LUCAS MEARIAN 
ORLANDO 
NFORMATION technology 
operations either lack 
funding for disas- 
ter recovery proj- 
ects or are rethinking 
how to protect data to 
better ensure that sys- 
tems can be restored 
in case of a disaster, 
said users at the Stor- 
age Networking World 
conference here last 
week. 

Al Todd, senior vice 
president of the IT 
services division at 
Pacific Capital Bancorp, 
said his company has decided 
to stop outsourcing its backup 
tasks and “bring disaster re- 
covery in-house.” The bank is 


STORAGE 
NETWORKING 
WORLD 


| the midst of that changeover 
now, said Todd, who partici- 
pated in a panel discussion at 
the conference. 

The bank’s service provider 
uses a backup facility in Phila- 
delphia, far from Pacific Capi- 
tal’s primary data center in 

Santa Barbara, Calif., Todd 
said. The new plan calls 
for using an in-house 
site that will be located 
about 240 miles away 
from the data center. 

“Our main concern 
was, what if you have a 
disaster, and [several] 
banks come into that 
site at the same time? 
Who gets first dibs” at 
using the data center? 
he said. “I want it to 
be me.” 
Todd wouldn’t name 
the service provider, saying 
only that it’s a “well-known, 
leading” vendor. 

In an impromptu poll of 





over 1,000 conference atten- 
dees, many IT managers indi- 
cated that disaster recovery is 
a top issue. 

For example, 55% of the re- 
spondents said that executives 
at their companies have cost- 
justified, though not necessari- 
ly approved, business continu- 
ity and disaster recovery pro- 
jects. Twenty-five percent said 
officials have found that tiered 
storage architecture projects 
meet cost criteria, and 11% said 
virtualization technologies are 
seen as important enough to 
warrant funding. 

Jon William Toigo, senior 
analyst at Toigo Partners Inter- 
national LLC in Dunedin, Fla., 
said disaster recovery is rarely 
a front-burner issue for IT or- 
ganizations. It’s more often an 
insurance policy without a re- 
turn on investment, which is 


| why such projects can be so 


difficult to fund, he said. 
Hal Weiss, information ser- 


| aster recovery up- 





vices systems engineer 
at Baptist Memorial 
Health Care Corp. in 
Memphis, said he’s 
having trouble getting 
upper management to 
approve money for dis- 


grades because of bud- 
getary constraints and 
some issues unique to 
his industry. “We're de- 
pendent on Medicaid 
[and] Medicare insur- 
ance for how much they’re go- 
ing to reimburse us for proce- 
dures,” Weiss said, explaining 
why funding is an issue. 

“I can’t pick the applications 
that the organization purchas- 
es, because they’re dictated by 
the clinicians,” said Weiss, 
who participated in the panel 
discussion with Todd. “Some- 
times an application doesn’t 
lend itself to a [disaster recov- 
ery] strategy. It can only be 
one machine running at one 
time for a specific task.” 

Weiss also noted that Bap- 
tist Memorial has two storage- 
area networks from separate 
vendors, and it has to have 
two disaster recovery schemes 
because the vendors’ network 





Continued from page 1 
Securing Data 


digital tape to transport infor- 
mation between offices. Nev- 
ertheless, Barber said, systems 
weren't restored quickly 
enough after Wilma knocked 
out power to millions in 
southern Florida. 

“Our challenges [in recent 
months] have been to put to- 
gether a suite of services that 
will allow for disaster recov- 
ery and business continuity,” 
he said. 

Holland & Knight’s Fort 
Lauderdale office was re- 
stored Wednesday morning, 
and power was restored to the 
Miami and West Palm Beach 
offices by Friday, he said. 

Barber said the recovery 
process would likely have 
been sped up if real-time, on- 
line data-replication tools had 
been used during the disaster. 

But now, he said, “we’re re- 
ally trying to mitigate [data 


loss] through backup 
and replication.” Bar- 
ber said his firm uses 
shipping services from 
United Parcel Service 
Inc. to move backup 
tapes among some 30 
branch offices. Some 
tapes are encrypted, 
but others are not. 
“That’s a risk,” he said. 

Barber said he’s 
working toward mov- 
ing data over his firm’s 
WAN in an encrypted 
form, which he said will cut 
some transportation costs, 
man-hours and the risk of los- 
ing tapes now moved between 
offices. 

Greg Schulz, an analyst at 
| Evaluator Group Inc. in Engle- 
wood, Colo., suggested that 
technologies such as disk-to- 
disk backup can facilitate rapid 
data recovery and restoration. 
And continuous data protec- 
tion can improve recovery- 
time and recovery-point ob- 
jectives in mainstream envi- 
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Wilma would 
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quicker with 
real-time data- 
& replication tools. 


ronments, he said. 

Ken Black, global 
storage architect at 
Yahoo Inc. in Sunny- 
vale, Calif., said he’s 
seeking new ways to 
encrypt data in light 
of recent high-profile 
cases of data loss and 
because of federal 
guidelines that re- 
quire an emphasis on 
security. 

“We have a group 
called the Paranoids. 
They’re our security people, 
and they look for holes every- 
where — and what’s irritating 
is, we’re finding them every- 
where,” Black said. 

Yahoo has dozens of data 
centers and anywhere from 4 
to 7 petabytes of data to man- 
age, he said. And with so 
much data, his storage admin- 
istrators are struggling to keep 
up with backups. 

“We're trying to find some- 
thing that helps us meet our 
backup windows,” Black said. 





“That’s one of the biggest 
hurdles right now.” 

Like many users at the con- 
ference, which was co-spon- 
sored by Computerworld and 
the Storage Networking Indus- 
try Association, Black said he’s 
testing disk-to-disk backup 
technologies such as virtual 
tape libraries. 

Cliff Dutton, chief technolo- 
gy officer at Ibis Consulting 
Inc. in Providence, R.L, which 
manages 200TB of network- 
attached storage as part of its 
electronic data discovery busi- 
ness, said he’s also concerned 
about his ability to track data 
in a crisis. 

Dutton said he doesn’t repli- 
cate data to an off-site facility 
because data restoration must 
be “almost instantaneous.” The 
cost of meeting such a require- 
ment using an off-site facility 
would be prohibitive, he said. 

“If something is down for 
even a few minutes, it’s a hor- 
rible problem for us,” Dutton 
said. @ 57869 
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switches can’t com- 
municate. 

Todd said Pacific 
Capital has been able 
to cut some disaster 
recovery costs by 
classifying its data so 
that everything need 
not be replicated off- 
site. Only information 
from “critical” busi- 
ness systems is repli- 
cated, he said. And the 
bank’s legal depart- 
ment determines what data is 
critical, alleviating political 
battles with business units 
that want everything protect- 
ed, Todd explained. 

An issue each of the pan- 
elists identified was the need 
for a deletion policy. 

Weiss said his hospital can’t 
delete data because it must 
save everything in order to 
comply with federal, state and 
local regulations. 

“It’s an issue at the bank,” 
Todd said. “We’re going 
through the process of deter- 
mining what can be deleted 
right now with the legal de- 
partment. In the meantime, 
we're keeping everything.” 

@ 57863 
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EMC snubbed: EMC said it won't 
be part of an open-source storage 
management group led by IBM: 


QuickLink 57825 


Q&A: The Weather Channel Interactive's 
technology leader says losing skilled 
workers is his biggest concern: 


QuickLink 57797 


For extended coverage of this year’s 
conference, visit our SNW Now! page: 
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If there’s one thing CIOs and CFOs can agree on, it’s Fujitsu 


Featuring the proven reliability of Intel? Xeon” 


processors, PRIMERGY BX620 S2 blade server 


gives ClOs the power to drive complex 
business-critical enterprise applications based 
on Linux and Windows® operating systems. 
The PRIMERGY BX620 S2 blade server also 
provides a low total cost of ownership 
(TCO), delivering the reliability serviceability, 


and manageability CFOs demand. 


PRIMERGY BX620 S2 
Blade Server 


CFOs 
INSIST 
ON 
THEM 


PRIMERGY BX620 S82 blade server. 


To help maintain high performance and low 
TCO), Fujitsu features Cool-Safe™ cooling 
technology. Developed with aviation simulation 
techniques, this innovative, new approach to 
thermal management optimizes processor 
airflow to keep the server blades running 

at peak performance in real-world 


IT environments. 


For more information on the Fujitsu PRIMERGY BX620 S2 blade server 
and how it can bring ClOs and CFOs together, visit 
us.fujitsu.com/computers/PRIMERGY or call 1-800-831-3183. 
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M GET THE FACTS. 


RADIOSHACK COMPARED TCO AND FOUND WINDOWS SERVER SYSTEM 
WILL SAVE THEM MILLIONS. 


“In upgrading our aging UNIX-based servers, we considered both Windows Server™ and 
Linux. Windows Server System™ offered several advantages, including the ability to consolidate 
our in-store servers by 50% from 10,200 to 5,100—and a savings of several million dollars 
in hardware, software, systems management, and support costs.” ? 

—Ron Cook, Vice President and Chief Technology Officer, RadioShack ®) RadioShack. 


For these and other third-party findings, go to microsoft.com/getthefacts 
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DON TENNANT 


Wage Gap Flap 


OW. YOU JUST NEVER know 
what’s going to get some people 
riled up. I thought I was on safe 
ground last week when I suggest- 
ed that women shouldn’t be paid 


less than men for doing 
the same work [Quick- 
Link 57664]. Turns out I 
ruffled a few peacock 
feathers with that contro- 
versial position. 

“It’s all liberal crap!” 
one reader protested. 

“Men are bad and stupid. 

Women are angels and 

victims. (They don’t pro- 

mote themselves! Except 

when they are showing 

off to get a raise.) [And] 

what they were saying about men and 
crime — women were victims and 
men were attackers! This year women 
accounted for a quarter of violent 
crimes (a news [item] little report- 
ed). Or blame discrimination from 
judges (white males). It seems like 
Computerworld is ‘mainstream media’ 
We can’t expect anything better!” 

At least this reader felt strongly 
enough to take the time to express 
his views on the matter, and I respect 
that. I probably would have respect- 
ed it a little more had he not cloaked 
his views behind a curtain of ano- 
nymity, but what the heck. And I’m 
not certain how crime got mixed in 
to the discussion, but slamming 
women, who constitute more than 
half of the population, for commit- 
ting one-fourth of all violent crimes 
is a real puzzler. With goofiness like 
that to contend with, I have to won- 
der how women are able to exercise 
so much violent-crime restraint. 

It’s almost scarier — sort of insidi- 
ous — when someone expresses 
himself in a more rational manner, 
but promotes the type of thinking 
that we’ve passed laws to protect 
ourselves against. Consider this 
reader’s position: 

“Women are justly paid a little less 





than men on average, be- 
cause they are far more 
likely to abandon their 
careers to pursue raising 
a family,” he explained. 
“The salary discrepancy 
merely reflects the addi- 
tional risk the employer 
is taking on when hiring 
a woman. Perhaps it 
shouldn’t be 10% less, 
but it should be some- 
what less (averaged over 
the whole economy).” 
Well, that’s an interesting argu- 
ment, and a sensible one if you’re 
talking about, say, insurance rates for 
teenage drivers. But we as a nation 
have decided that we don’t want em- 
ployers discriminating by gender 
when it comes to wages. The Equal 
Pay Act, which amended the Fair La- 
bor Standards Act in 1963, prohibits 
that. It stipulates that where employ- 
ees perform equal work in jobs re- 
quiring “equal skill, effort, and re- 


| 
| 





sponsibility and performed under 
similar working conditions,” they 
should be provided equal pay. 

None of this is to say that the issue 
is entirely black and white. Another 
reader complained that having got- 
ten my “shorts in a knot” over the 
gender wage gap, I failed to ade- 
quately address the longevity factor. 

“Women tend to drop out of the 
workforce more often than men, 
leaving them, on average, with short- 
er careers,” he wrote. “Sure, more 
and more women are re-entering 
their careers later — after the kids 
have started school, for example. 
But the net effect is that the average 
years of career work (not to demean 
the work required to raise kids) for 
women is less than men.” 

Clearly, to the extent that lower 
pay is attributable to shorter tenure 
— or to any other legitimate factor, 
for that matter — we should indeed 
keep our apparel unknotted. What’s 
important is that fairness and justice 
prevail. The problem is that we’re 
not yet to the point where we can all 
look each other in the eye and say 
they do. @ 57831 
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VIRGINIA ROBBINS 


Acquiring 
The Skills of 
Acquisition 


’VE BEEN SOLD. More pre- 
cisely, the majority of the 
assets of my company have 


been sold to a competitor. 

The products, infrastructure and intel- 
lectual property that my team and I 
built for four years will belong, by the 
time you read this, to someone else. 
This is my fifth acquisition as a buyer 
or a seller. Being sold feels different 
from being the buyer, but the prepara- 
tions are the same in four key areas. 

1. People. Arrogance, rudeness and 
contempt can’t be tolerated. Mary in 
networking may be a reliable adminis- 
trator, but if she doesn’t work well with 
people today, it’s unlikely that she’ll 
work better with an integration team 
next month that’s likely to question her 
work. If you’ve been 
sheltering an IT 
misfit, monitor her 
interactions or con- 
sider releasing her. 

If you’ve never 
systematically re- 
viewed your staff, 
now is the time to 
candidly do so. Are 
their skills current? 

Can an outsider con- 
firm this? 

Certifications can 
be helpful. Consider 
encouraging your 
best to test. In the 
preacquisition peri- 
od, few large new 
projects are begun. Use this time to of- 
fer staff training. Longer-term classes 
can be part of your overall retention 
program. 

Understand your staff’s strengths, 
weaknesses and preferences. Harry 
may be terrific, but if he would prefer 
to work at a smaller company, it might 
be better for him to do that. 

Review your incentive programs. 
Buyers need staffers to take on addi- 
tional work to integrate operations. 
Sellers need staffers to run operations 
until the integration is complete. In the 
short term, money can motivate. 

2. Process management. Does your 
staff clearly understand how work is to 
be done? You can’t be in on every dis- 
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cussion. Your staffers will need to 
make decisions more quickly than they 
did before. 

Do they understand why their proce- 
dures include certain steps? In an ac- 
quisition, specialists will soon be sug- 
gesting or making changes. If your staff 
can’t speak up and explain why some- 
thing shouldn’t be done, the resulting 
mess may be yours. 

3. Assets. If you haven’t done a physi- 
cal inventory recently, now is the time 
to complete one. If you’re not sure 
about your intellectual property and 
how Accounting and Legal have man- 
aged it, now is the time to ask. Make 
sure that you have complete, accurate 
records that make sense to your CFO. 
If you’re acquiring, you'll need to make 
sure you can easily add the acquisi- 
tion’s asset records to yours. If you're 
being acquired, some technology as- 
sets will be part of the purchase price. 

4. Opportunity. Good people with up- 
to-date skills who work well together 
create opportunities. Clearly docu- 
mented procedures and records dem- 
onstrate management skills. Make sure 
you know what opportunities may be- 
come available. 

Your greatest opportunity will be in 
how you choose to lead. Lead poorly, 
and you may be one of the first to go — 
regardless of whether you're acquiring 
or being acquired. Lead well, and you 
may find yourself with greater oppor- 
tunities. Have your message well craft- 
ed and aligned with your company’s 


made up of three intercon- 
necting trends. The first was 
the growth in the number of 
end users with digital de- 
vices, including the PC but 
extending beyond it as well. 

The second was end-user 
access to multiple connec- 
tion points for wide-area, lo- 
cal and personal networks. 

And the third was a host 
of digital services for busi- 
ness and personal use run- 
ning on the devices. 

All of that came to pass 
more or less as described, 
and with it came new chal- 
lenges for IT departments. 

Support for multiple access 

points and a host of new de- 

vices to deal with were only 

the beginning. While most 
organizations have learned 

to deal with digital ubiquity (in some 
cases by trying to ban end-user device 
adoption), it’s time to prepare for the 
next thing as we move beyond digital 
ubiquity to contextual flow. 

So, what is contextual flow? This no- 
tion builds on the digital ubiquity con- 
cepts but takes them much further. 
Contextual flow is marked by the 
seamless transition from one digital 
context to another, regardless of loca- 
tion or type of device used or the na- 


ture of the content or infor- 
mation being accessed. 
That might sound like a tall 
order, but users are going 
to expect this level of ser- 
vice — and expect it soon. 

We're still living in a 
world where too much of 
the information we need is 
stored in silos. Meanwhile, 
people work and play in 
different places than they 
used to, and they want 
their information to flow 
freely and follow them as 
their individual contexts 
change. 

Like digital ubiquity, con- 
textual flow is also marked 
by three trends. First, infor- 
mation is ubiquitous and 
flows seamlessly between 
locations. 

Second, personal and business do- 
mains are intermingling, with a mobile 
bridge in the middle. 

Third, a ubiquitous identity moves 
from domain to domain. 

Imagine recording a TV show ona 
device in your home and then watch- 
ing some of it before leaving for work. 
On the train, you pick up exactly 
where you left off and finish watching 
in time to talk about it over coffee with 


! your colleagues. You still have some 


| 





time to kill, so you quickly check your 
corporate mail and discover there’s a 
memo that needs to be rewritten. You 
start outlining thoughts just as the 
train pulls in. When you get to your 
desk shortly thereafter, you pick up the 
memo where you left off, send it off 
and begin chatting with a co-worker 
about last night’s TV episode. 

This is a pretty basic scenario, but it 
illustrates just what’s going to happen, 
if it isn’t happening already. Using a va- 
riety of devices and services already 
on the market, that scenario is totally 
possible today. 

In fact, this column started life on a 
Treo, flowed from there seamlessly 
over to my laptop at home and was 
then sent to Computerworld over a 
wireless WAN while I had lunch in a 
cafe and CNBC streamed live in the 
background on my screen from a TiVo 
on my home network. 

What does this mean for IT depart- 
ments? Well, it’s potentially disruptive 
from a support perspective, but like all 
good disruptions, it presents opportu- 
nities to get ahead of the curve and 
win points with end users. Welcome to 
the new world. Again. @ 57645 


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site: 
www.computerworld.com/columns 
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objectives. If you don’t know some- 


thing, say so. If you can’t say so, say 
that. Don’t guess, and whatever you do, 
don’t overpromise. If the news is bad, 
explain it fairly. 

Finally, tie your actions to your 
message. You will know if you’ve been 
successful. Bill Owens, the governor 
of Colorado, put it best when he said, 
“Actions, not words, are the ultimate 
results of leadership.” @ 57764 


MICHAEL GARTENBERG 
Information 


Must Follow 
Users Freely 


OUR YEARS AGO, I out- 

lined a vision for what I 

called “ubiquitous com- 
puting” and explained why it 
was important. To recap, ubiquitous 
computing, or digital ubiquity, was 





The Legend of the Mark IV Moth Is a Myth 


ACK IN THE '80s, | was thrilled 


to read about the Mark IV com- 


puter operators finding a moth 
smashed in the relays. This kind of 
mythology made the otherwise dry 
history more interesting and added 
a level of inside knowledge. But in 
researching a college paper on 
computer history, | found that this 
anecdote was baseless. Nonethe- 
less, college students were still be- 
ing taught this false history in the 
‘90s despite a column in Entrepre- 
neur that verified that none of the 
original Mark IV operators remem- 
bered such an incident (although 
they did find a moth once and put it 
in their log book as a joke). 

This article [“Share Poll: Sar- 
banes-Oxley Seen as Biggest IT 
Time Waster,” QuickLink a7300] 
ended with Share President Robert 
Rosen claiming that Grace Hopper 
had coined the term bug after find- 
ing an actual moth in a computer. 

The term bug has been used for 


| hundreds of years to refer to a prob- 
| lem (especially one that's difficult to 
| diagnose) in machinery. Many of the 
engineers working on the first main- 
frames were recruited from other 
lines of work, so much of the IT ter- 
minology we have today is an amal- 
gamation of terms that stuck when 


HE VISIBILITY, transparency 

and understanding of complex 
systems can only be achieved 
through an effort like the one being 


| forced through regulation [“Share 


Poll: Sarbanes-Oxley Seen as Big- 


| gest IT Time Waster,” QuickLink 


a7300). 

IT never did its job properly, and 
now a compliance requirement is 
forcing IT professionals to revisit 
the poor practices that have been 
traits of internal IT departments: 
buying, deploying and using hard- 





ware; not understanding the busi- 





they were used in the computer 
context, including the word bug. 

| hope there will be another article 
in Computerworld dealing with these 
quaint, but nonfactual, anecdotes. 
Whole generations of computer pro- 
fessionals are being raised on them. 
Fred E. Brandii Jr. 


Network administrator, 


| developer, Lowell, Ark. 


ness intent; not preparing for appro- 
priate security; not building reten- 
tion and auditing mechanisms; and 
when all else fails, blindly buying a 


} package, hiring a consulting firm or 


simply outsourcing. 

Sarbanes-Oxley is now challeng- 
ing that and asking IT to get its 
house in order. It is the first hint of 
what is to come as reliance on com- 
puter systems increases for all busi- 
ness functions. 

Instead of embracing this as an 
opportunity for which the CEO is 
forced to provide funds, and using it 





to get better at doing IT, we are 


| complaining. That is just great and 


actually more fodder for the likes of 
Nicholas Carr and other critics of 
our performance, especially CFOs 
and CEOs. 

Nauman Sheikh 

Director of technology 
strategy, Experian Marketing 
Services, Experian Inc., 


| Costa Mesa, Calif. 


| Sarb-Ox Forces IT to Get Its House in Order | 


Nauman.sheikh@ 
experian.com 
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Acquiring 
The Skills of 
Acquisition 


Wage Gap Flap 


sponsibility and performed under 


OW. YOU JUST NEVER know 


7 . similar working conditions,” they 
what’s going to get some people 


should be provided equal pay. 


riled up. I thought I was on safe 
ground last week when I suggest- 
ed that women shouldn’t be paid 


less than men for doing 
the same work [Quick- 
Link 57664]. Turns out I 
ruffled a few peacock 
feathers with that contro- 
versial position. 

“It’s all liberal crap!” 
one reader protested. 
“Men are bad and stupid. 
Women are angels and 
victims. (They don’t pro- 
mote themselves! Except 
when they are showing 
off to get a raise.) [And] 
what they were saying about men and 
crime — women were victims and 
men were attackers! This year women 
accounted for a quarter of violent 
crimes (a news [item] little report- 
ed). Or blame discrimination from 
judges (white males). It seems like 
Computerworld is ‘mainstream media.’ 
We can’t expect anything better!” 

At least this reader felt strongly 
enough to take the time to express 
his views on the matter, and I respect 
that. I probably would have respect- 
ed it a little more had he not cloaked 
his views behind a curtain of ano- 
nymity, but what the heck. And I’m 
not certain how crime got mixed in 
to the discussion, but slamming 
women, who constitute more than 
half of the population, for commit- 
ting one-fourth of all violent crimes 
is a real puzzler. With goofiness like 
that to contend with, I have to won 
der how women are able to exercise 
so much violent-crime restraint. 

It’s almost scarier — sort of insidi- 
ous — when someone expresses 
himself in a more rational manner, 
but promotes the type of thinking 
that we’ve passed laws to protect 
ourselves against. Consider this 
reader’s position: 

“Women are justly paid a little less 


DON TENNANT is editor in 
chief of Computerworld. 
You can contact him at 
don_tennant@ 
computerworld.com. 


than men on average, be- 
cause they are far more 
likely to abandon their 
careers to pursue raising 
a family,” he explained. 
“The salary discrepancy 
merely reflects the addi- 
tional risk the employer 
is taking on when hiring 
a woman. Perhaps it 
shouldn’t be 10% less, 
but it should be some- 
what less (averaged over 
the whole economy).” 
Well, that’s an interesting argu- 
ment, and a sensible one if you’re 
talking about, say, insurance rates for 
teenage drivers. But we as a nation 
have decided that we don’t want em- 
ployers discriminating by gender 
when it comes to wages. The Equal 
Pay Act, which amended the Fair La- 
bor Standards Act in 1963, prohibits 
that. It stipulates that where employ- 
ees perform equal work in jobs re- 


quiring “equal skill, effort, and re- 


\We'VE DECIDED ON A 
DIFFERENT SECURITY 
TACK: BY FOCUSINGON 
ALL UNWANTED ProgRAMs, 
We SIDESTEP THE 199UE 
OF SPECIFICALLY 
IDENTIFYING 7 \ 
SPYWARE =‘ 


AND 
MALWARE . 


CAN 1 USE 
THe LETTER 


None of this is to say that the issue 
is entirely black and white. Another 
reader complained that having got- 
ten my “shorts in a knot” over the 
gender wage gap, I failed to ade- 
quately address the longevity factor. 

“Women tend to drop out of the 
workforce more often than men, 
leaving them, on average, with short- 
er careers,” he wrote. “Sure, more 
and more women are re-entering 
their careers later — after the kids 
have started school, for example. 
But the net effect is that the average 
years of career work (not to demean 
the work required to raise kids) for 
women is less than men.” 

Clearly, to the extent that lower 
pay is attributable to shorter tenure 

- or to any other legitimate factor, 
for that matter — we should indeed 
keep our apparel unknotted. What’s 
important is that fairness and justice 
prevail. The problem is that we’re 
not yet to the point where we can all 
look each other in the eye and say 


they do. @ 57831 


yc Leen 


(T HASN'T 
BEEN CLEARED}, 


"VE BEEN SOLD. More pre- 

cisely, the majority of the 

assets of my company have 
been sold to a competitor. 
The products, infrastructure and intel- 
lectual property that my team and I 
built for four years will belong, by the 
time you read this, to someone else. 
This is my fifth acquisition as a buyer 
or a seller. Being sold feels different 
from being the buyer, but the prepara- 
tions are the same in four key areas. 

1. People. Arrogance, rudeness and 
contempt can’t be tolerated. Mary in 
networking may be a reliable adminis- 
trator, but if she doesn’t work well with 
people today, it’s unlikely that she'll 
work better with an integration team 
next month that’s likely to question her 
work. If you’ve been 
sheltering an IT 
misfit, monitor her 
interactions or con- 
sider releasing her. 

If you’ve never 
systematically re- 
viewed your staff, 
now is the time to 
candidly do so. Are 
their skills current? 
Can an outsider con- 
firm this? 


VIRGINIA ROBBINS is the 
former chief informa- 
tion and operations 
officer and managing 
director at Chela 
Education Financing 
in San Francisco. 
Contact her at 


v_m_robbins@yahoo.com. 


Certifications can 
be helpful. Consider 
encouraging your 
best to test. In the 
preacquisition peri- 
od, few large new 
projects are begun. Use this time to of- 
fer staff training. Longer-term classes 
can be part of your overall retention 
program. 

Understand your staff’s strengths, 
weaknesses and preferences. Harry 
may be terrific, but if he would prefer 
to work at a smaller company, it might 
be better for him to do that. 

Review your incentive programs. 
Buyers need staffers to take on addi- 
tional work to integrate operations. 
Sellers need staffers to run operations 
until the integration is complete. In the 
short term, money can motivate. 

2. Process management. Does your 
staff clearly understand how work is to 
be done? You can’t be in on every dis- 
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cussion. Your staffers will need to 
make decisions more quickly than they 
did before. 

Do they understand why their proce- 
dures include certain steps? In an ac- 
quisition, specialists will soon be sug- 


gesting or making changes. If your staff 


can’t speak up and explain why some- 
thing shouldn’t be done, the resulting 
mess may be yours. 

3. Assets. If you haven’t done a physi- 
cal inventory recently, now is the time 
to complete one. If you’re not sure 
about your intellectual property and 
how Accounting and Legal have man- 
aged it, now is the time to ask. Make 
sure that you have complete, accurate 
records that make sense to your CFO. 
If you’re acquiring, you'll need to make 
sure you can easily add the acquisi- 
tion’s asset records to yours. If you’re 
being acquired, some technology as- 
sets will be part of the purchase price. 

4. Opportunity. Good people with up- 
to-date skills who work well together 
create opportunities. Clearly docu- 
mented procedures and records dem- 
onstrate management skills. Make sure 
you know what opportunities may be- 
come available. 

Your greatest opportunity will be in 
how you choose to lead. Lead poorly, 
and you may be one of the first to go — 
regardless of whether you're acquiring 
or being acquired. Lead well, and you 
may find yourself with greater oppor- 
tunities. Have your message well craft- 
ed and aligned with your company’s 
objectives. If you don’t know some- 
thing, say so. If you can’t say so, say 
that. Don’t guess, and whatever you do, 
don’t overpromise. If the news is bad, 
explain it fairly. 

Finally, tie your actions to your 
message. You will know if you’ve been 
successful. Bill Owens, the governor 
of Colorado, put it best when he said, 
“Actions, not words, are the ultimate 


results of leadership.” @ 57764 


Information 
Must Follow 
Users Freely 


OUR YEARS AGO, I out- 

lined a vision for what I 

called “ubiquitous com- 
puting” and explained why it 
was important. To recap, ubiquitous 
computing, or digital ubiquity, was 


made up of three intercon- 
necting trends. The first was 
the growth in the number of 
end users with digital de- 
vices, including the PC but 
extending beyond it as well. 

The second was end-user 
access to multiple connec 
tion points for wide-area, lo- 
cal and personal networks. 

And the third was a host 
of digital services for busi- 
ness and personal use run- 
ning on the devices. 

All of that came to pass 
more or less as described, 
and with it came new chal- 
lenges for IT departments. 
Support for multiple access 
points and a host of new de- 
vices to deal with were only 
the beginning. While most 
organizations have learned 
to deal with digital ubiquity (in some 
cases by trying to ban end-user device 
adoption), it’s time to prepare for the 
next thing as we move beyond digital 
ubiquity to contextual flow. 

So, what is contextual flow? This no- 
tion builds on the digital ubiquity con- 
cepts but takes them much further. 
Contextual flow is marked by the 
seamless transition from one digital 
context to another, regardless of loca- 
tion or type of device used or the na- 


The Legend of the Mark IV Moth Is a Myth 


ACK IN THE "80s, | was thrilled 

to read about the Mark IV com 
puter operators finding a moth 
smashed in the relays. This kind 
mythology made the otherwise dry 


history more interesting and added nes of wc 


a level of inside knowledge. But in 
researching a college paper on 
computer history, | found that th 
anecdote was baseless. Nonethe 
less, college students were still be 
ing taught this false history in the 
‘90s despite a column in Entrepre 


hundreds of years to refer to a prob- 
ecially one that’s difficult to 
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engineers working on the first main- 

frames were recruited from other 

rk, so much of the IT ter- 

minology we have today is an amal- 


jamation of terms that stuck when 


ture of the content or infor- 
mation being accessed. 
That might sound like a tall 
order, but users are going 
to expect this level of ser- 
vice — and expect it soon. 
We're still living in a 
world where too much of 
the information we need is 
stored in silos. Meanwhile, 
people work and play in 
different places than they 
used to, and they want 
their information to flow 
freely and follow them as 
their individual contexts 
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textual flow is also marked 
by three trends. First, infor- 
mation is ubiquitous and 
flows seamlessly between 
locations. 

Second, personal and business do- 
mains are intermingling, with a mobile 
bridge in the middle. 

rhird, a ubiquitous identity moves 
from domain to domain. 

Imagine recording a TV show ona 
device in your home and then watch- 
ing some of it before leaving for work. 
On the train, you pick up exactly 
where you left off and finish watching 
in time to talk about it over coffee with 
your colleagues. You still have some 
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time to kill, so you quickly check your 
corporate mail and discover there's a 
memo that needs to be rewritten. You 
start outlining thoughts just as the 
train pulls in. When you get to your 
desk shortly thereafter, y 


memo where you left off, send it off 


ou pick up the 


and begin chatting with a co-worker 
about last night’s TV episode 

This is a pretty basic scenario, but it 
illustrates just what’s going to happen, 
if it isn’t happening already. Using a va 
riety of devices and services already 
on the market, that scenario is totally 
possible today. 

In fact, this column started life on a 
Treo, flowed from there seamlessly 
over to my laptop at home and was 
then sent to Computerworld over a 
wireless WAN while I had lunch in a 
cafe and CNBC streamed live in the 
background on my screen from a TiVo 
on my home network. 

What does this mean for IT depart- 
ments? Well, it’s potentially disruptive 
from a support perspective, but like all 
good disruptions, it presents opportu 
nities to get ahead of the curve and 
win points with end users. Welcome to 


the new world. Again. @ 57645 
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they did find a moth once and put it 
in their log book as a joke) 

This article [“Share Poll: Sar 
banes-Oxley Seen as Biggest IT 
Time Waster,” QuickLink a7300] 
ended with Share President Robert 
Rosen claiming that Grace Hopper 
had coined the term bug after find- 
ing an actual moth in a computer 

The term bug has been used for 
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You need a darn good reason 


to introduce another vendor 


into your network. Here are four. 


3com.com/AdvanceTheNetwork 


security 
VoIP 
wireless 
switching 
routing 


services 
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QUICKSTUDY 
MTBF 


Mean time between failures and the related 
mean time to failure are measures of hardware 
reliability, usually expressed in hours, They indi- 
cate in statistical terms the working lifetime of a 
given component. Page 30 
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SECURITY MANAGER'S JOURNAL 


Making the Move 

From IDS to IPS 

Mathias Thurman decides that the benefits of 
moving from an intrusion-detection system to 
inline intrusion-prevention technology out- 
weigh the drawbacks. Page 34 





SPY STOPPERS 
FIGHT BACK 


10.31.05 


Q&A 

Redefining Cool 

HP Labs’ Chandrakant Patel 
discusses his research, which 
could lead to cooler data cen- 
ters that use 50% less energy. 


Page 28 


PYWARE USED TO BE THOUGHT of as a 
consumer problem. Now it has IT’s full 
attention, and it’s no wonder: In a 
Computerworld survey of subscribers 
with IT security responsibilities that 
was conducted for this story, 79% of 
the 577 respondents said they've had prob- 
lems with spyware in the past 12 months, and 
71% said they see it as a threat to their organi- 
zations. While spyware’s major impact has 
been on the help desk because of spyware- 
related system reliability and performance is- 
sues, the unwanted programs are also viewed 
as a growing security threat — one that 84% 
of respondents said is increasing. 
The good news is that IT organizations 
are finally starting to get the kinds of tools 
that are needed to bring the problem under 
control. The evolution of centrally managed, 
enterprise-class antispyware tools for the 
desktop and the emergence of spyware-savvy 
gateways for the network perimeter are help- 
ing IT organizations identify and eliminate 
spyware programs and block new ones from 
infecting business PCs. Although the tools 
are new and still maturing, 41% of our survey 
respondents said they are already using enter- 
Continued on page 26 


With spyware now a 
top|T security concern, 
organizations are finally 
Starting to reinin the 
unwanted software. 


HERE'S HOW. 
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TECHNOLOGY THAT GETS YOU 
“EVERYTHING’S 


Liaw = 


IBM eServer xSeries 226 Express 


An entry-level 2-way server that 
offers the reliability and 
performance needed for day-to- 
day computing. Easy to set up 
and deploy, with access to all 
major system components 


System features 


Up to two Intel® Xeon™ 


Proc rs 3GH2/2M 


Nard Olsk ar 


SCS 


Integrated RAID 0,1 


$1,639** 


(Other configurations as low as $1,229) 


IBM Financing Advantage 
y $46 per 


IBM eServer xSeries 260 Express 


IBM's newest third-generation 
Enterprise X-Architecture 
server. Designed for companies 
looking for database, e-mail, 
Web/e-commerce or consolidated 
application serving 


IBM eServer xSeries 346 Express 


Help maximize performance and 
improve availability in a rack 
dense environment with 
Xtended Design Architecture” 
Includes Calibrated Vectored 
Cooling, an IBM innovation that 


helps increase uptime System features 


System features Up to four 64-bit Intel® Xeon™ 


Xeon™ Processors MP, up to 3.66GHz 


3GH2/2MB 


Up to two Intel 
P Four-way tower or 7U rack 


capability 


rocessors 

Two-way 2U rack server 

Up to 3.6TB hot-swappable 
SAS (serial attach SCSI!) 
hard disk storage 


Up to 16GB DDR2 memory 
using 8 DIMM slots with 
enhanced memory 

Up to 64GB of memory with 
advanced memory protectior 


Limited warranty 
3 years on-site 


Limited warranty: 3 years on-site 


$5,399"* 


(Other configurations as low as $4,599) 


$3,315** 


(Other configurations as low as $2,219) 


IBM Financing Advantage 
$93 IBM Financing Advantage 


$151 


IBM TotalStorage DS300 Express System features 
3U rack r 


This entry-level, cost-effective iSCSI host- 

attached storage system utilizes your existing with two controllers 
network infrastructure to deliver advanced 
functionality. Provides an exceptional SAN 
storage solution with xSeries servers for 
e-mail/file/print. 


yuNt entry-leve 


Support for up to 14 
Ultra320 SCSI disk dr 


$6,455" 
(Other configurations as low as $2,995) 


IBM eServer BladeCenter HS20 Express 


Offers extreme flexibility and 
scalability, plus it helps to 
consolidate and simplify your 
infrastructure. Helps reduce 
power consumption and save 
valuable floor space 


System features 


and 64-bit a 
IBM Director 


Limited we 


3 years O 


$2,899°* 


(Other configurations as low as $1,669) 


IBM Financing Advantage 
$81 


Starts at 584GB 
scales to 4.2TBE 


Limited warranty: 1 year 


on-site? 


IBM Financing Advantage 
$180 ; t 





USED TO SAYING: 
UNDER CONTROL: 


IBM Express Servers and Storage™ for mid-sized business. 


Know an LT. person who doesn’t like to hear that “everything's under control”? 
We don’t. That’s why we offer an innovative management tool called IBM 
Director that can alert your |.T. people to potential problems up to 48 hours in 
advance! 


And our Calibrated Vectored Cooling on select xSeries” servers helps cool your 
systems more efficiently. Packing more servers into a single rack. Helping to 
save space, energy, money. 


With IBM Express, innovation comes standard. That's true fo! servers, storage 
and printers. Your local IBM Business Partner can tell you more. And remember, 
you can keep your technology current while helping to reduce costs — through 
IBM Global Financing. 


Excited? No need to control yourself. Get started today. 


Save time. Save costs. Save the day! (Optimize your I. T.) 


ibm.com/systems/innovate1 
1 800-IBM-7777 


IBM TotalStorage DS400 Express System features 


Exceptional entry-level solution for workgroup 
storage needs. With advanced functionality, 
the DS400 supports xSeries servers and 
utilizes hot-swap Ultra320 SCSI drives for 
high reliability 


IBM Financing Advantage 
(Other configurations as low as $4,995) $237 
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Computerworldsurveyed 577 executive-level IT professionals from its subscriber base and asked 
them to share their views of the spyware problem. Names were randomly chosen from a select 
group with IT management job titles and involvement in planning or purchasing IT security-related 
products or technologies. Responses were gathered this month. Here’s what they had to say: 


Have you experienced 
problems with spyware 
inthe past 12 months? 


How do you perceive 
the threat level presented 
by spyware? 


Somewhat of 
athreat 


Asignificant 
threat 


Ss 
Abig 
threat 


Nota threat 
3% 
NOTE: Does not total 100% due to rounding 


Do you think the spyware 
threatis increasing, decreas- 
ing or staying the same? 


| About the same 
increasing ce 
te 


Decreasing 
2% 


NOTE: Does not total 100% due to rounding. 


Continued from page 23 
prise-ready antispyware software. 

At TelCove, the use of enterprise 
antispyware software has cut help desk 
call volumes by about 30%, says Win- 
dows server administrator Anthony 
Waters. The help desk at the Canons- 
burg, Pa.-based telecommunications 
company fields calls from 1,500 users 
in 72 offices. As spyware-related calls 
to the help desk skyrocketed late last 
year, the task of cleaning PCs with 
stand-alone antispyware tools and 


What are the spyware- 
related problems you 
have experienced in the 
past 12 months? 


Desktop support/ 
performance issues 


83% 
22% 


14% 
1% 
6% 
3% 
9% 


Trojan or other backdoor 
access allowed break-in 


Destruction of 
data or programs 


Loss of personal 
information 


Loss of organization’s data 
or intellectual property 
Identity theft 


Other 


Effectiveness ratings of 
enterprise-class 
antispyware products 


Me ei 
eae 


Preventing spyware 


ee ea 
Ulta) ee 


Detecting spyware 
Removing spyware 
Preventing spyware 


BASE: 235 respondents whose organizations currently 
use enterprise-class antispyware products 


reimaging badly infected machines 
became overwhelming. “It was just 
crazy,” Waters says. 

Last December, Waters added 
McAfee Inc.’s AntiSpyware Enterprise 
to his antivirus software and deployed 
it to the desktops using McAfee’s Poli- 
| cy Orchestrator software. Early on, the 
software didn’t catch all spyware pro- 
grams, and in some cases, programs it 
had supposedly removed came back. 
“But as we got different [updates], that 
part has improved,” Waters says. This 








spring, he also upgraded all PCs to 
Windows XP with Service Pack 2, a 
move that helped eliminate several 


| Windows and Internet Explorer vul- 


nerabilities that spyware programs are 
known to exploit. Now, Waters says, 
spyware-related help desk calls have 
almost been eliminated. 

One year ago, few enter- 
prise-ready antispyware tools 
were available. Today, every 
major antivirus software ven- 
dor has an offering for the 
problem that Microsoft Corp. 
says was responsible for one 
out of every three Windows 
system crashes last year. Al- 
though the tools are still ma- 
turing, IT is going ahead with 
deployments, according to 
IDC analyst Brian Burke. “It’s 
now the third-most-imple- 
mented security software, af- 
ter antivirus and firewalls,” he says. 

While IT organizations worry that 


spyware can potentially be used to 


steal sensitive data, just 6% of the Com- 
puterworld survey respondents who 
reported spyware problems cited a re- 
sulting loss of organizational data or in- 
tellectual property. But more than half 
reported increased help desk activity 
resulting from spyware infections. 

Commercial adware continues to 
cause reliability and performance is- 
sues for business users. Twenty-two 
percent of respondents reported that 
the more insidious programs — Tro- 
jans, keyloggers, dialers and 
remote-control programs — 
resulted in break-ins, while 
14% experienced destruction 
of data or programs. The rea- 
son those numbers aren’t 
higher is probably because 
such exploits are increasing- 
ly being picked up by other 
security layers. 

At TelCove, for example, 
desktop antivirus software 
has caught dialers and Tro- 
jans. But information securi- 
ty professionals also worry 
about data loss through mali- 
cious use of the mechanisms and com- 
munication channels that adware uses. 

“The main issue is the kinds of things 
that come through Ports 80 and 443, 
which are the general business ports. 
It’s hard to block those,” says Randy 
Sanovic, general director of information 
security at General Motors Corp. Anti- 
spyware tools address those concerns. 

Help desk calls tend to underreport 
the scope of the spyware problem be- 
cause users don’t complain until their 
systems have become almost totally un- 


nd 
ing 


of those surveyed 
said they are con- 
cerned or very 
concerned about 
the possibility 
that spyware 
might be used for 


identity theft. 
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possibility that 
spyware might 
beu yee fo and block spyware activity. 


espionage. 
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| stable. They wait until “they can’t toler- 
ate it anymore or you have a complete 
breakdown of the computer,” says Paul 
Bryan, director of product management 
for client security at Microsoft. 

Peter Wallace knew from help desk 

call volumes that he had a spyware 

| problem at AAA Reading-Berks, an auto 


en Regent club in Wyomissing, Pa. But 


the extent of the infection sur- 
prised even him. When he ran 
eTrust PestPatrol across the 
organization’s 90 machines, 
he found that 70% had prob- 
lems. Deployment of the anti- 
spyware software cut the time 
he spent addressing spyware 
issues from 20 hours a week 
to a few minutes a day review- 
ing reports, he says. 

Sam Curry, vice president 
of eTrust security manage- 
ment at Computer Associates 
International Inc., says the company’s 
PestPatrol customers typically find 25 
to 90 instances of spyware per PC. Sta- 
tistics like that are what worry GM’s 
Sanovic and other IT executives who 
haven't yet deployed antivirus tools 
enterprisewide. “What you don’t know 
is the problem with spyware. If you 
don’t look, you don’t know when you 
are exposed,” Sanovic says. 

Gateway appliances on the network 
are also getting better at blocking spy- 
ware activity. At Exchange Bank, an 
intrusion-prevention appliance from 
Internet Security Systems Inc. blocks 


% 





aise, ys: hapa activity, says Bob 


Gligorea, information security 
officer at the Santa Rosa, 
Calif.-based bank. “The ones it 
doesn’t catch [during down- 
load], it catches when they try 
to go to the Internet,” he says. 
His staff then issues a trouble 
ticket to remove the spyware. 
Gligorea also plans to add Web 
filtering software and ISS’s 
Proventia Desktop to detect 


% 


At Philadelphia Stock Ex- 
change Inc., Gene Peters has 
been holding off on buying 
desktop antispyware tools, but he’s be- 
ing proactive at the network perimeter. 
His Web filtering software, from Surf- 
Control PLC, recently blocked a poten- 
tially dangerous spyware download. 
“We think it would have downloaded a 
Trojan,” says Peters, director of infor- 
mation services at the exchange. 

Fortunately, the spyware never got 
out of the Internet cache, but Peters is 
far from complacent. “We got lucky 
that [the Web site disseminating the 
spyware] was not a legitimate site in 
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CORPORATE IT organizations 
aren’t the only ones worried about 
spyware. With most attacks aimed 
directly at Windows, Microsoft re- 
sponded in the past year with the 
release of Windows XP Service 
Pack 2 and other patches de- 
signed to close some of the more 
glaring security holes through 
which spyware writers insert their 
applications on users’ machines. 
Pop-ups are now blocked. 
So-called drive-by downloads, 
where users could pick up spy- 
ware simply by viewing a Web 


page in Internet Explorer, are 
much more difficult to pull off. 
And other exploits, such as dia- 
log boxes that won't take no for 


an answer, are gone. 


Earlier this year, Microsoft 
acquired antispyware software 
maker Giant Company Software 
Inc. Its product, rechristened 
Microsoft Windows AntiSpyware, 
was released as a free beta on 
Jan. 16, and it already has about 
20 million users, says Paul 
Bryan, director of product man- 
agement for client security. An 


enterprise version is planned. 

Although Microsoft was criti- 
cized last summer for downgrad- 
ing its suggested action for some 
adware programs it detects from 
“quarantine” to “ignore,” Win- 
dows AntiSpyware has “pretty 
good preventive capabilities,” 

! says Gartner analyst John 
Pescatore. 

So is Windows a harder tar- 
get? Not really. Most of Windows 
SP2's security improvements 
have been “circumvented” by ad- 
ware developers, claims Thor 
Larholm, senior security re- 
searcher at PivX Solutions Inc. 
in Newport Beach, Calif. 

Pescatore agrees. “It’s still 
possible to go to a Web site, click 
on something and get a browser 
help object installed,” he says. 
Adware developers are not only 
moving forward with new tech- 


__ TECHNOLOGY 


niques, but they're also exploiting 
newly discovered vulnerabilities. 

Larholm has already run into 
one new technique. “In the last 
couple of months, we've seen a 
surge in the amount of spyware 
that uses rootkit technology to 
hide its presence from antispy- 
ware products,” he says. 

Bryan concedes that there’s 
only so much Microsoft can do. 
Windows Vista, due next year, will 
bring other improvements, such 
as the disabling of ActiveX con- 
trols by default and user account 
protection that requires standard 
users to get admin credentials be- 
fore they can install an applica- 
tion. But spyware is a moving tar- 
get. “What you see is a morphing 


' of spyware over time,” Bryan 


says. “It's getting trickier and 
more challenging to deal with.” 
- Robert L. Mitchell 


our URL list,” he says. This fall, he 
plans to evaluate desktop tools as a 
complement to his network defenses. 

Some 55% of survey respondents 
said they haven’t yet purchased enter- 
prise-class antispyware tools. GM’s 
Sanovic is waiting for enterprise anti- 
spyware offerings from the bigger se- 
curity software vendors to mature be- 
fore jumping in. “It’s difficult at first 
look to determine if a lot of the prod- 
ucts are ready for corporate environ- 
ments,” he says. Peters says the add-on 
products he’s tested from the antivirus 
vendors do offer centralized man- 
agement and reporting but haven’t 
been as effective as the single-user 
versions from smaller vendors. 

More than half of the readers sur- 
veyed ranked currently available tools 
as only “somewhat effective” 
at detecting, removing and 
preventing the installation of 
spyware. The tools received 
their highest marks for detec- 
tion but were seen as less ef- 
fective at removal and pre- 
vention. “Some [products] do 
a great job at detecting spy- 
ware but a horrible job at re- 
moving it. How good is that 
to me?” Peters says. As a re- 
sult, some organizations are 
using multiple tools to help 
address the problem. 

Ricky Stewart uses Spybot 
Search & Destroy and other 
stand-alone utilities in addi- 
tion to eTrust PestPatrol. 
“Spybot finds things that 
PestPatrol didn’t,” says Stew- 
art, who supports 350 users at 
Cornell University’s athletic 
department. “That’s why I’ve 
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always gone with multiple programs.” 

At this point, says Sanovic, “every- 
one is treading water, looking for the 
best you can get.” Fortunately, the 
products are improving rapidly. 

Most IT organizations aren’t excited 
about loading yet another security 
agent onto the desktop but see no al- 
ternatives. “You can’t have your help 
desk involved in trying to resolve hun- 
dreds of thousands of user problems,” 
says Sanovic. Antispyware and anti- 
virus software are also beginning to 
merge into a single client, says Gartner 
Inc. analyst John Pescatore. 

Meanwhile, the same signature- 
based detection technology is being in- 
tegrated into gateway products such as 
Blue Coat Systems Inc.’s Spyware Inter- 
ceptor and McAfee’s Secure Web Gate- 
way. While gateways can help 
0 prevent the installation of 

lo spyware in the office, they 
can’t prevent users who travel 
from bringing back spyware, 
nor can they remove it. Most 
organizations will require a 
combination of desktop and 
gateway tools to get the job 
done. But gateways won’t 
work in all cases. For Waters, 
the cost of procuring them for 
72 offices is just too high. 

Initial enterprise antispy- 
ware tools were also budget 
busters, but that’s changing 
rapidly. “We've seen the pric- 
ing of enterprise spyware 
deals drop very dramatically,” 
says Pescatore, from as much 
as $40 per seat to as little as 
$2 per seat. 

Waters says his deal 
worked out to a little under 


$8 per seat to cover 1,500 users. In the 
long run, as antispyware becomes just 


| another feature in security software 
| suites, the add-on pricing model could 


disappear entirely, he says. 
Software suites should also offer bet- | 
ter integration over time. Peters says | 
he’d like to see Web antispyware tools 
communicate with his Web content fil- 


ters so when spyware is detected on 
the desktop, the source Web site is au- 
tomatically added to the list of blocked 
URLs. “That way, you won't have the 
same process recurring,” he says. 

Ultimately, even the best antispyware 
tools can’t treat the root cause of the 
problem. As with antivirus software, 
vendors must continually update signa- 
tures to keep up with professional pro- 
grammers hired by adware developers. 
“The financial incentives in spyware 
are much greater than anything else ex- 
cept direct hacking,” says Sanovic. 

Wallace is disgusted by the problem. 
“I would like to see the people respon- 
sible for the spyware in a public execu- 
tion,” he says. But he’s resigned to the 
need for antispyware tools for the fore- 
seeable future. “I’m not happy that I 
have to spend money for licensing to 
keep my machines clean,” he says. “But 
I have to protect my systems and my 
users from this stuff.” @ 57567 


MORE ONLINE 


Survey results: To view the complete survey 


visit our Web site: QuickLink 57800 


Anatomy of a plague: How one spyware program 
serves as a launching pad for others to be installed 
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Antispyware venders try to 
identify spyware-and quan- 
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gram installs itself surrepti- 
tiously, what actions it 
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to remove. But the finer 
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Another approach is to 
use endpoint security 
products such as Secure- 
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As compute density has increased, tem- 
peratures have been rising in the data 
center. Hewlett-Packard Co.'s “Cool 
Team” is working on innovative ways to 
dissipate the heat. Lab inventions range 
from ink-jet pumps that spray coolant 
on hot chips to more efficient designs for 
computer room air-conditioning sys- 
tems. Cool Team founder CHANDRAKANT 
PATEL spoke with Computerwor!ld’s 
Robert L. Mitchell about how 

current research is making for 

cooler data centers. 


What is the Cool Team? It is a 
community of engineers across 

HP founded in 1996. The idea 

was to create a virtual team that 
can apprise each other of the 
challenges ahead and funnel re- 
search ideas and technologies at HP 
Labs out to the divisions. 


What research are you pursuing with regard 
to data center cooling issues? The data 
center is the next challenge. The ag- 
gregation of high-density, commodity 
servers in data centers will cause a 
problem from a management point of 
view. It’s akin to cooling a system en- 
closure, but now the enclosure is the 
data center, with the walls of the data 


center being the walls of the enclosure. | 


Fifty percent of the cost of a data 
center is associated with what I call 
burdened cost of power, which is all 
of this expensive power and cooling 
equipment that is needed to support 
the computers. 


How big of a burden is that in actual dollars? 
Let’s say you have 100 racks of servers. 
Each rack is on the order of 12 to 13 
kilowatts, [and] the power required by 
the servers is 1.3 megawatts. The pow- 
er required by the cooling resources to 
remove that heat generated is almost 





equal to that dissipated by the servers. 
So the air conditioning will take anoth- 
er 1.3 kilowatts of power. If you look at 
the cost of electricity today, 1.3 mega- 
watts at 10 cents a kilowatt-hour at 
24/7 operation is $1.2 million per year. 
This is quite significant. 

What we've said is, “OK, how do I 
reduce that by half?” If you can pro- 
vide products and services which [do 

that and] have a payback of one 
year, that’s a very compelling 
proposition. 


How do you do that? We look at 

the layout of the air condition- 

ing and we run a fluid-dynamics 

model. For this fixed distribu- 

tion of AC resources, how 

should the customer lay out the 
racks and the vent tiles, and how 
should they lay out their exhaust air? 
How do they do that minimally, with- 
out impacting the data center? We be- 
lieve we can get 25% savings. 


Where does the other 25% come from? 
In order to get energy savings, we can 
minimize the thermodynamic work. 
By that we mean, how do we make 
sure the compressor doesn’t work too 
much? How do we use sophisticated 
refrigeration systems that have the 
ability to change capacity, and how do 
we change the air flow? 

We can add this flexibility fairly 
easily. That’s needed to do dynamic, 
smart air conditioning. 


Isn’t retrofitting the air-handling system ex- 
pensive? It doesn’t mean you have to 
chuck out the air conditioner. You add 
the capability to change flow and tem- 
perature. 


What else is required? In a data center, 
{having just] one thermostat won’t 





work. In order to determine the need, 
we need a rich sensing environment. I 
have to give you x volume, x cubic me- 
ters of air at 75 degrees Fahrenheit, for 
example. I don’t want to give you any 
more — I don’t want to give you it at a 
lower temperature. 

Ideally, I want sensors on the inlet of 
every server. That’s not readily avail- 
able, so we can get a robot with a sen- 
sor on it and make it go along the 
aisles autonomously, with a wireless 
device to send us the information 
wirelessly. 

We have created algorithms that 
sense those points and send out new 
settings to the air conditioners. Based 
on that, the air conditioners change 
their capacity, and that gives us 
demonstrated savings of 50% in our 
data center here in Palo Alto. 


Why use a robot? I can provision the 
flow and temperature based on the 
needs of the rack, and the robot is a 
means to that end. I would like to un- 
derstand what is the tem- 
perature in the aisles, and 
it’s very hard to correlate 
that. The environment in 
the data center is so com- 
plex that there is no linear 
correlation between tem- 
perature at a given location and the 
[server air] inlet. The robot can be sent 
out to get fine-grained measurements 
in the aisles. 


How will the systems HP builds change to 
run cooler? In the future, systems will 
have the ability to change power set- 
tings — not only cooling, but power. 
Processors will have voltage frequency 
scanning, where there will be various 
power states. That’s flexibility I can ex- 
ploit. If an AC unit fails, why don’t I 
ask a given region in the data center to 
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scale its power down instead of having 
excessive redundancy, which costs me 
a lot of money? We call that smart re- 
dundancy. 

We have the ability to migrate com- 
pute workloads from one machine to 
another in the data center. I want to 
use every flexibility, from moving 
workloads to scaling power down to 
scaling air conditioning. All of this can 
be done quite easily. 


What else are you working on to make data 
centers more efficient? If you have to 
place a workload in a mix of data cen- 
ters around the world, I'd like to pick 
the right data center in the right part of 
the world in the right ambi- 
ent temperature. If New 
Delhi is sitting at 45 degrees 
centigrade, Phoenix might 
be sitting at 20 degrees. So I 
might choose to put all of 
my workloads in Phoenix 
because my compressors don’t have to 
work as hard. Then, inside the data 
center, I'd like to put the workload on a 
given row in a given rack, in a given 
system, in a given board, on a given 
processor, in a given core. I want that 
flexibility of cooling at the global level. 


When will these technologies be available? 
The static provisioning is already out 
there. All of these other things, we are 
now deploying in internal data centers. 
I foresee this happening in customer 
sites in a year or two years. @ 57258 
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MTBF 


DEFINITION 


Mean time between failures (MTBF) and the related 
mean time to failure (MTTF) are measures of 
hardware reliability, usually expressed in hours. 
They indicate in statistical terms the working life- 
time of a given component: The higher the figure, 
the more reliable the product. 


BY RUSSELL KAY 
T’S A CRUEL WORLD out 
there in the data center. 
Nothing lasts forever, espe- 
cially not mechanical de- 

vices with fast-moving parts, 

such as disk drives and print- 
ers. It would be very useful if 
we could predict when some- 
thing might break or, at the 
very least, determine which of 
two similar products would be 
less likely to break in a given 
period. The answer is MTBF, 
short for meantime between | 





failures, and the closely relat- 
ed MTTEF, short for 
mean time to failure. 
Both are measures of 
reliability that are de- 
fined statistically as 
the number of hours a 
component, assembly or sys- 
tem will operate before it fails. 
MTTFE and MTBF are some- 
times used interchangeably, 
but they are in fact different. 
MTTF refers to the average 
(the mean, in arithmetic 
terms) time until a component 
fails, can’t be repaired and 
must therefore be replaced, or 
until the operation of a prod- 
uct, process or design is dis- 
rupted. MTBF is properly 
used only for components that 
can be repaired and returned 
to service. This introduces a 
couple of related abbrevia- 
tions occasionally encoun- 
tered: MTTR (mean time to 
repair) and, less common, 





MTTD (mean time to diag- 


nose). With those notions in 
mind, we could say that MTBF 
= MTTF + MTTD+ MTTR. 


Calculating MTBF 


| MTBF sounds simple: the to- 


tal time measured divided by 
the total number of failures 
observed. For example, let’s 
wring out a new generation of 
2.5-in. SCSI enterprise hard 
drives. We run 15,400 initial 
units for 1,000 hours each 
(thus our tests take a little less 
than six weeks), and we find ll 
failures. The MTBF is (15,400 
x 1,000) hours/Il, or 
1.4 million hours. 
(This is not a hypo- 
thetical MTBF; it rep- 
resents current drive 
technology in 2005.) 
What does this calculation 
really mean? An MTBF of 
1.4 million hours, determined 
in six weeks of testing, cer- 
tainly doesn’t say we can ex- 
pect an individual drive to 
operate for 159 years before 
failing. MTBF is a statistical 
measure, and as such, it can’t 
predict anything for a single 
unit. We can use that MTBF 
rating more accurately, how- 
ever, to calculate that if we 
have 1,000 such drives operat- 
ing continuously in a data 
center, we can expect one to 
fail every 58 days or so, for a 
total of perhaps 19 failures 
in three years. 
The MTBF figure for a 
product can be derived from 


| 





laboratory testing, actual field 
failure data or prediction 
models such as MIL-HDBK- 
217 (the Military Handbook for 
Reliability Prediction of Elec- 
tronic Equipment, published by 
the U.S. Department of De- 
fense). 

MIL-HDBK-217 contains 
failure-rate models for various 
parts used in electronic sys- 
tems, such as integrated cir- 
cuits, transistors, diodes, resis- 
tors, capacitors, relays, switch- 
es and connectors. These fail- 
ure-rate models are based on a 
large amount of field data that 
was analyzed and simplified 
by the reliability Analysis 
Center and Rome Laboratory 
at Griffiss Air Force Base in 
Rome, N.Y. (Instructions for 
downloading MIL-HDBK-217 
are at www.t-cubed.com/ 


faq_217htm.) @ 57773 


Kay is a Computerworld con- 
tributing writer in Worcester, 
Mass. You can contact him at 
russkay@charter.net. 
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uses the word mean, an 
arithmetic average. This has 
led some people to interpret 
MTBF as the time (on aver- 
age) when half the items will 
PURE Mao eer roe 
failure occurs at a constant 
rate during an item’s lifetime, 
and in fact MTBF makes just 
Pee CMe Um Ute) 
eee em mer RR Ue 
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For example, many elec- 
tronic components may expe- 
rience a relatively high failure 
rate in their first few hours 
of operation and then operate 
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Thus, the failure rate at 
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express as the probability of 
failure prior to a specified 
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ure rate for ever-smaller time 
intervals during the projected 
life span, we can determine 
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tion, the instantaneous failure 
rate at any point in time. 
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failure profile shared by many 
mire me hU emits) 
especially complex systems - 
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its thousands of parts. This 
EPeLM ime tml) 
“bathtub” curve because of 
its shape, and it’s character- 
ized by three distinct phases: 
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ure rate, basically represent- 


ing random failures. 


Cm RU emma) 
TCR Cm ei Oe UC 
product wears out. 
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number of items that need fix- 
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installation or a hidden defect 
in a part. (Since these are 
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they’re often an annoyance 
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lem, but that’s a different is- 
sue.) After the newness wears 
off, while the car is still rela- 
tively young and doesn’t 
have too many miles on it, 
it’s rarely out of commission; 
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likely to be caused by random 
events, such as an accident 
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a number of parts wear out - 
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then fail or wear out. At this 
stage, the car spends more 
and more time in the repair 
shop. If we graph the inci- 
dence of failures (repairs) 
against time, we get the 
characteristic bathtub- 
Revs ea adem 


Be Beg 


™ Ubserved 


FAILURE RATE 


ae Sg eS ee 
FAILURE RATE §% FAILURE RATE $8 FAILURE RATE 





a 


COMPANIES 
Va 
SAP HAVE 

2% MORE 
Te ee 


"SOUNDS JeyRO JeL0R8s pur KuRMLAD UI OY GYE 10 H}euOpey perqEBe: pur RYEWERER e4 O80) g¥S 04) MF G¥S OV d¥S S000. 


ee yy la 
mS ee he 


A recent study of companies listed on NASDAQ and NYSE found that companies that run SAP are 32% 
more profitable than those that don’t* Fact is, SAP® software solutions make businesses of all sizes more 


efficient, more agile and more responsive. We invite you to see for yourself. Visit www.sap.com/results 





32 __ COMPUTERWORLD October 31, 2005 


Geeks 


A STROLL THROUGH THE TECHNOLOGY LANDSCAPE 
The San Francisco Bay region has a 25% 
chance of a Magnitude 7 or greater earthquake 
in the next 20 years and a roughly 1% chance of 
such an earthquake each year, according to the 
“Virtual California” computer simulation. 

The Virtual California approach to earth- 
quake forecasting is similar to the computer 
models used for weather forecasting, said 
John Rundle, director of the Computational Sci- 
ence and Engineering Center at the University 
of California, Davis, who has developed the 
model with colleagues from the Jet Propulsion 
Laboratory and other institutions. An earlier 
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around the San Andreas fault. 


effort to forecast earthquake hazards, the U.S. 
Geological Survey's Working Group on Califor- 
nia Earthquake Probabilities, used records of 
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Long-Distance Learning 
To the WiMax 


InU.S. cities and suburbs, high-speed wireless 
Internet connections are becoming more com- 
monplace, making “anytime, anywhere learning” 
for students a viable concept. But that kind of ac- 
cess and the opportunities it provides aren't yet 
available in most rural areas. 

Asolutionis in sight, however. Atop a remote 
mountain near Missoula, Mont., engineers at the 
Georgia Tech Research Institute (GTRI) recently 
demonstrated the video streaming, Web surfing 
and e-mail capabilities of WiMax wireless techno!- 
ogy, whichis based on the IEEE 802.16 standard. 

WiMax is a set of standards for delivering point- 
to-point, as well as point-to-multipoint, wireless 
broadband connectivity. 

In rural areas, the cost to lay fiber for wired 
broadband service is about $200,000 or more per 
mile, an investment that communications compa- 
nies typically don’t want to make because they 
can't recoup their money within several years. 

“But with WiMax, an Internet service provider 
that wants to reach a small community up to 30 


past earthquakes to calculate the probability of 
future ones. 

The Virtual California model includes 650 
segments representing the major fault systems 
in California, including the San Andreas fault re- 
sponsible for the 1906 San Francisco earth- 
quake. The simulation takes into account the 
gradual movement of faults and how they inter- 
act with one another. 

The researchers used the model to simulate 
40,000 years of earthquakes in California. 
They found almost 400 major (Magnitude 7 or 
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miles away can set up a wireless link for thousands 
of dollars rather than hundreds of thousands,” 
says Jeff Evans, a GTRI senior research engineer 


' wholed the demo team. “You can quickly provide 
* along-haul link of 7OMbit/sec. and then deploy 
: alocal WiMax radio to provide up to several 


megabits per second to each home in the area - 
giving you DSL speeds ata reasonable cost.” 
WiMax-capable equipment for fixed-location 


* connections is expected to be readily available in 
, themarket by the end of this year. Meanwhile, a 


new mobile WiMax standard, 802.16e, is expected 
inlate 2006, with compatible equipment available 


; in2007. 


above) earthquakes at an average interval of 
101 years. The simulation data indicates a 25% 
chance of another such earthquake in the next 
20 years, a 50% chance in the next 45 years 
and a 75% chance by 2086. 

The latest work is published in Proceedings 
of the National Academy of Sciences of the 
United States of America. @ 57587 
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There are no surprises in first three spots 
on this list of the top 12 spam-relaying 
countries, as ranked by the percentage of 
the world’s spam they generate. But the 
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Making the Move 
FromIDStoIPS 


The benefits of moving from an intrusion- 
detection system to inline intrusion- 
prevention technology outweigh the 
drawbacks. By Mathias Thurman 


HE product life-cycle 

management project 

I mentioned in my last 

article has been quiet as 
the project management team 
evaluates everyone's input to 
the evaluation documentation. 
I’m taking this opportunity 
to spin up a project to move 
from our current intrusion- 
detection system (IDS) to an 
intrusion-prevention 
system (IPS). 

I’ve been contem- 
plating this for a 
while but have hesi- 
tated because once 
my department 
places a device inline 
with other network gear, we 
become another bump in the 
wire and have certain respon- 
sibilities in regards to network 
availability. 


IDS vs. IPS 


As many of you know, an IDS 
typically sits on a monitoring 
port, sometimes called a 
SPAN port (in the Cisco 
world), and is passive by na- 
ture. The IDS device sits in 
promiscuous mode and listens 
to the network traffic passing 
by, and when something ab- 
normal occurs, it sends alerts 
on the suspicious activity as 
defined by configured rules. 
Take that same IDS sensor 
and place it inline so that all 
network traffic must pass 
through it, and you have an 
IPS. So basically, an IPS is 
nothing more than an IDS that 
has some additional function- 
ality and is positioned in a dif- 
ferent place on the network. 
The rules, signatures, alerts 
and reporting are typically 
all the same. Even Snort, the 
freely available IDS, has its 
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own term, “Snort inline,” for 
what is essentially intrusion 
prevention. 

My reasoning for moving to 
IPS is pretty straightforward. 
Only a couple of people report 
to me, and they are bogged 
down with projects and daily 
security activities. I'd like to 
have a full-time person to 
monitor the IDS and respond 
to events, but I can’t 
afford that. Mean- 
while, we continue 
to respond to worms 
and other suspicious 
activity after the 
fact, either placing 
rules in the firewall 
or visiting all the affected 
desktops. And we can’t count 
on our antivirus infrastructure 
either. One recent worm, 
W32/PrsKey-A, ran rampant 
in our network for several 
days before our antivirus ven- 
dor finally produced a signa- 
ture, and that happened only 
after we sent the vendor an 
infected file for evaluation. 

As an aside, we were able to 
do our own evaluation of the 
worm’s code and its impact. 
Through that evaluation, we 
were able to determine the 
files and registry settings that 
the worm modified, the vector 
that it used to propagate and 
| the ports it was using to open 


Being inline, a failed 
IPS device essentially 


| 
| 
| 





blocks traffic from 
leaving the network. 


a back channel. Creating a sig- 
nature in our IDS would give 
| us the ability to detect the 
worm’s presence, but unless 
we were willing to generate 
TCP resets, we wouldn’t be 
able to stop the worm from 
propagating. TCP resets, or 
“session sniping,” can be used 
within an IDS to stop mali- 
cious activity. But in my expe- 
rience, they’re a dangerous 
proposition, since they can 
easily be abused and can 
negatively affect the perfor- 
mance of the IDS. An IPS, on 
the other hand, being inline, 
would allow us to place spe- 
cific rules to actually block 
malicious code. 





Enforcing, Reporting 
In addition to malicious-code 
mitigation, an IPS can assist 
in the enforcement of an 
acceptable-use policy (AUP). 
Currently, our AUP bars em- 
ployees from using peer-to- 
peer file-sharing applications 
like Napster, Kazaa and Bit- 
Torrent. We also have policies 
against tools such as Skype, a 
free Internet phone service 
that uses a ton of bandwidth. 

With an IDS, we can detect 
the use of these applications, 
and we can block some of the 
associated ports and destina- 
| tions on our firewall. But 
some of the tools don’t allow 
us to just put some firewall 
rules in place and block the 
application. For some of the 
applications, we need to in- 
spect the traffic and set block- 
ing rules based on the TCP/IP 
packet payload vs. ports and 
destinations. 

This is where an IPS comes 
in handy. We can put rules in 
place to block unauthorized 
applications, and we can col- 
lect statistics and report on 
how much traffic is caused 
by unauthorized applications. 
That kind of data, of course, 
is great stuff to be able give 











| to your CIO. CIOs like to have | 
| in hand the information that, 
say, 60% of network traffic 


is related to AUP violations. 
That sort of thing provides for 


| great return on investment, 

| which is always a challenge 

| within the information secu- 
| rity field. 

| Ofcourse, intrusion preven- | 


tion isn’t without its short- 
comings. Being inline, a failed 
IPS device essentially blocks 


| traffic from leaving the net- 


work. Therefore, it’s impor- 
tant that we choose an IPS 
that has the ability to fail 
closed, meaning that it will 
let traffic pass (closed in the 
sense of an electronic circuit 
— I’m an engineer at heart). 
The drawback to this, from 
the security manager’s point 
of view, is that you would have 
no protection from malicious 
activity if a failed IPS device 
allowed ail traffic, good and 
bad, to pass. 

However, sometimes you 
have to bite your tongue to 
appease the network engi- 
neers and other IT depart- 
ment heads. I’m willing to 
take the risk that we open 
ourselves up for a short peri- 
od of time rather than face the 
loss of revenue and productiv- 
ity that would result if thou- 
sands of employees couldn’t 
do their jobs. Nonetheless, 

I reserve the right to change 
my mind. 

We're looking at products 
from Sunnyvale, Calif.-based 
Juniper Networks Inc. znd Co- 
lumbia, Md.-based Sourcefire 
Inc. At this stage, Juniper is 
appealing, since we're already 
using that company’s firewalls 
and have a decent support re- 
lationship with it. 

As an added benefit, we 
may be able to get away with a 
single console to manage both 
the firewalls and the IPS. The 
last thing I need is another 
management console. B 


WHAT DO YOU THINK? 


This week's journal is written by a real secu- 
rity manager, “Mathias Thurman,” whose 
name and employer have been disguised 

for obvious reasons. Contaci him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
@computerworld.com/secjournal 
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Gray Hat Hacking: The Ethical 
Hacker's Handbook, by Shon 
Harris, Allen Harper, Chris 
Eagle, Jonathan Ness and 


to be the same. It’s how you 
approach the task that differ- 
entiates the various shades. 
The only part I'd criticize is the 
discussion of programming 
and writing hacking exploits, 
which assumes that the reader 
has previous knowledge of the 
subject. | recommend this 
book to anyone responsible for 
penetration testing, but it’s 
also a good read for general 
security practitioners. 

- Mathias Thurman 


Court Stays Order 
To Shut Down Sites 


One day after it was ordered to 
disconnect much of its net- 
work and Web sites from the 
Internet because of IT security 
concerns, the U.S. Depart- 
ment of the Interior received 
an administrative stay from 
the U.S. Court of Appeals for 
the District of Columbia Cir- 
cuit. Officials from the depart- 
ment had asked that they be 
allowed to temporarily put off 
complying with an order is- 
sued Oct. 20 by U.S. District 
Court Judge Royce C. Lam- 
berth. Lamberth ruled that de- 
spite attempts to improve IT 
security over the past five 
years, the Interior Department 
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Black Duck Offers 
ProtexIP 3.0 


® Black Duck Software Inc. in 


Waltham, Mass., released Version | 


3.0 of its ProtexIP compliance 
management software suite. The 
product incorporates enhanced 
capabilities for analyzing propri- 
etary, open-source and third- 
party software for license compli- 
ance by corporate users, accord- 
ing to the company. It also in- 
cludes an expanded repository 

of software projects and license 
information, as well as a string 
search feature that lets users find 
keywords or phrases in the target 
code base. ProtexIP/development 
Professional Edition starts at 
$9,500; the Enterprise Edition 
starts at $25,000. 


Nemx Upgrades 
Security Software 


@ Nemx Software Inc. in Ottawa 
has released Version 2.0 of 
SecurExchange. It includes new 
enterprise compliance and secure 
mail capabilities, giving business- 
es more control of their Microsoft 
Exchange environments, Nemx 
said. New features include real- 
time monitoring of content within 
message attachments and the 
Concept Builder module, which 
enables organizations to create 
and manage acceptable-use poli- 
cies. Pricing starts at $17 per 
user for 100 users. 


EMC Connectivity 
Monitor Released 


@ EMC Corp.’s Smarts division 
announced Application Connectiv- 
ity Monitor 2.0, which is designed 
to automatically discover distrib- 
uted TCP-based applications and 
monitor them for availability. It’s 
the first separate release of the 
software, which EMC gained 
when it acquired System Manage- 
ment Arts Inc. in February. The 
new version improves usability 
and increases the number of soft- 
ware checks that can be made, 
EMC said. The price is $40,000 
to monitor 100 servers, and $100 
for each additional server. 
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enSolaris Has a 
g Up on Linux 


F THERE’S ONE ASPECT of Linux that has led to 
its popularity, it’s the ability of suitably enthused 
individuals to produce their own distribution. 
That feature has spawned thousands of different 
solutions and, in turn, has led to the creation of 
numerous tools, products and companies that have 
furthered the progress of Linux. For example, the Red 


Hat Package Manager (RPM) system was introduced to 


help install the packages 
that make up Red Hat Inc.’s 
system. Today, most Linux 
software is distributed in 
RPM format, even if your 
system isn’t necessarily 
Red Hat-based. 
The distribution model 
of Linux has also spawned 
many companies: Red Hat, 
SUSE (later bought by Nov- 
ell) and others that would 
not exist without Linux. 
What made all of this 
possible? Well, the “free” 
part of open-source, of course. Be- 
cause we can use, modify, combine 
and redistribute different products, we 
can easily produce a distribution that 
contains the elements we want. Linux 
isn’t really an operating system; tech- 
nically, Linux is simply the kernel that 
allows other bits to work. The Linux 
operating system is really a distribu- 
tion of the Linux kernel and a collec- 
tion of other software that makes it 
work — the compiler, file-system utili- 
ties, shells, user interfaces and so on. 
Collectively (and technically incor- 
rectly) we call this collection “Linux.” 
This incorrect labeling leads to a se- 
ries of other problems, one of which is 
the generic use of the term to refer to 
a wide range of operating systems that 
aren’t always compatible with one an- 
other. Minor differences in applica- 
tions, libraries and the configuration 
of the systems may mean that precom- 





piled software (including 
many commercial applica- 
tions) for one Linux distri- 
bution may not work with 
another. This has compli- 
cated the distribution of 
software — a critical prob- 
lem for a new operating 
system — and also admin- 
istration, as skills can’t 
always be easily migrated 
because of the differences 
between the distributions. 
The Linux Standard Base 
(LSB) project is addressing 
the issue of incompatible distributions. 
By standardizing on the components 
that make up Linux, LSB will improve 
software compatibility and the ability 
of administrators to migrate their skills 
to other Linux-based distributions. 


A New Alternative 
We now have a new player in the field: 
OpenSolaris. Here we have the public, 
source-based launch of an operating 
system with a great history of com- 
mercial development and deployment. 
Solaris, the source of the OpenSolaris 
code, has a large existing base of cus- 
tomers that use the operating system 
in everything from network servers 
that support the Internet to the mas- 
sive servers that produce your credit 
card statements. 

Compared with most operating sys- 
tems, Solaris is old. And while you 
might think its age makes it unattrac- 





tive, from a business perspective, that 
history makes it wise. Solaris has a 
heritage that other operating systems, 
Linux included, can only dream of. So- 
laris has 23 years of commercial devel- 
opment behind it, and that means a 
dedicated team of programmers, not a 
group of enthusiastic volunteers. 
That’s 23 years of optimizing and im- 
proving the operating system — years 
of trials and tests to determine the 
most sensible layout of files, compo- 
nents and applications. Solaris is a 
Unix operating system with a standard 
set of rules for how it works. 

OpenSolaris provides the same flexi- 
bility and capability to produce distrib- 
utions that we have with Linux. The 
creation of OpenSolaris-based distribu- 
tions has already started. It’s just a cou- 
ple of months into the project, and al- 
ready there are two OpenSolaris-based 
distributions, Schillix and BeleniX. 
OpenSolaris-based distributions are al- 
ready binary-compatible with existing 
Solaris applications, and vice versa. 

The incompatibilities between dis- 
tributions that have plagued Linux 
for so long aren’t an issue with Open- 
Solaris-based distributions. The rea- 
son is simple: A Linux distribution is a 
kernel combined with other tools, but 
OpenSolaris is an operating system in 
its own right; it doesn’t need addition- 
al tools to make it work. 

For Linux, we’re trying to push 
many distributions through to com- 
press them into a standard. With 
OpenSolaris, we are already at the 
small end of standardization. What 
will follow is more OpenSolaris distri- 
butions spreading out from that core. 

Only time will tell whether the ap- 
proach will work for Sun and Solaris 
in the long run. @ 57509 
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“Computerworld’s approach of using 

real-world testimonies is really the key. If | 
wanted a vendor opinion, I’d call a vendor up ... 
so when I see my peer talking about security 
challenges and when | see my peer talking about 
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4 guidance from the Information Tech- 
nology Infrastructure Library (ITIL), 
P&G reboots servers immediately and 
restores service within minutes. The 

root-cause analysis follows, out of 
view of users. 

“We saw a large decrease in the time 
that customers were waiting for ser- 
ITIL helped Procter & Gamble’s IT department vices to come back up,” says Kevin 
“present a better face to the customer,” says z| McLaughlin, security system manager 
security system manager KEVIN McLAUGHLIN =| at P&G. “With ITIL, we might have 

been having the same number of is- 

ially, but [users] didn’t feel 

IT SEEMED a reasonable approach at them like in the past. It helped IT pre- 
the time. Whenever a server went sent a better face to the customer.” 
down, the IT operations people at The Presenting a better face to users is 
Procter & Gamble Co. tried to figu at the heart of ITIL, a collection of 
out why. They did root-cause analysis procedures and best practices for IT 
in order to discover the origin of the services management and operations. 









problem and fix it. Then they brought Developed in the late 1980s by the 
the server back up. | British government and popular in 
Trouble was, users had to cool their Europe throughout the ’90s, ITIL has 
heels in the meantime, losing | more recently caught fire in the U.S. 
e-mail service or reporting Although there are alternatives, ITIL 
capabilities for as long as an _ is becoming the tool of choice for stan- 
hour. But now, thanks to | dardizing, integrating and managing 
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One impetus for the refresh, says Childers, is to add more 
implementation detail in the form of templates. that would speci 
fy which information to record, which metrics to capture and 
so on 
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and the Integrated Product Development Capability Maturity 
Model. A collection of best practices for software develop- 
ment and maintenance. 


The staffers at 
in McLean, Va., also see Cobit as the foundation of their 
IT quality programs. The company has overlaid ITIL, 
aOR AN GV imesheeie i rcWcluea ele pe CU ONo im ovens) a Me) sli mceniarle 
terminology can be standardized across all of them, says 





Astatistical process-improvement method that 








focuses on quality from-a customer's or user's point of view. De- 
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Eames Merl met cul cemUelC hora 
standards (ISO 9000, 9001 and 9004) for quality- management 5 
systems. Intended to ensure control, repeatability and good 


documentation of processes (not products). 


IT service delivery. According to a sur- 
vey by Cambridge, Mass.-based For- 
rester Research Inc., as of a year ago, 
12% of $1 billion companies had adopt- 
ed some portion of ITIL, and one-third 
said they were getting started on ITIL 
or were considering using it. 

P&G was an early adopter of ITIL in 
the U.S. six years ago. The company 
started with two of the 10 ITIL compo- 
nents — incident management and 
configuration management — and has 
since adopted components for prob- 
lem management, change management 
and help desk management. Along the 
way, P&G outsourced much of its IT 
service delivery to Hewlett-Packard 
Co., and ITIL practices are now in 
place at both companies. 

McLaughlin says HP’s use of ITIL 
was “one of the factors in their getting 
the outsourcing deal. 


All About Risk 

Fifth Third Bank in Cincinnati started 
with ITIL’s components for incident, 
change and configuration management 
just a year ago. The bank considered 
other quality frameworks, such as the 
audit-focused Cobit (Control Objec- 
tives for Information and Related 
Technology), as well as operational 
standards from the Federal Financial 
Institutions Examination Council. “We 
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felt that for what we wanted to accom- 
plish, ITIL fit perfectly,” says Eric 
Strunk, system vice president for ser- 
vice management. 

At the time, the bank had separate 
change processes for hardware, soft- 
ware and infrastructure, and its leader- 
ship felt ITIL would give them a uni- 
fied view of those, Strunk says. 

“We made 30,000 changes in 2004,” 
he says. 
a change? We needed a better way of 
managing that. Being a bank, we are all 
about managing risk.” 

The bank also wanted to link its 
processes for incident and change man- 
agement more tightly so as to help it 
pinpoint the causes of outages. “It al- 
lows us to narrow the search and very 
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quickly get the right people to [ana- 
lyze] the event,” Strunk says. 

He says the bank is currently devel- 
oping metrics to help it measure the 
benefits of its investments in ITIL. He 
hopes to plot the relationship over 
time of change volume against the fre- 
quency and duration of outages. “You 
can’t prove what you don’t measure,” 
Strunk says. 

ITIL practitioners say that’s a key to 
success with any quality-improvement 
effort. “As soon as you start, get met- 
rics immediately,” advises Brian 
Childers, a member of the board of di- 
rectors of IT Service Management Fo- 
rum USA (ITSMP), a coalition of ITIL 
users and software vendors. “As you 
get down the road, people will ask you 


m Look for software tools to automate 
ITIL processes, especially those that help 
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m Recognize that ITIL is a multiyear effort. 
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duplicate metrics,” he says. “And it's a way to ensure 

o clari vas that our metrics are supporting all the frameworks we 
nd business benefits.” need to be successful.” 
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what you’ve been doing since x time, 
and the failure to capture metrics at 
the very beginning makes it difficult to 
answer that question.” 


Integrating Excellence 

IT operations were fragmented at 
EarthLink Inc. two years ago — each of 
the company’s service areas had its 
own processes for IT service-level 
management. “People were practicing 
good process for particular areas,” says 
Willa Fabian, an IT vice president at 
the Atlanta-based Internet services 
provider. “But there was no way to 
look at things as a whole.” 

Paradoxically, those pockets of oper- 
ational excellence turned out to be a 
challenge to bringing in ITIL, Fabian 
says. “It’s a huge cultural change to say, 
‘I know you are practicing good proc- 
ess in your particular area, but now 
we all have to come together and do it 
one way.” 

EarthLink was able to head off much 
of the anticipated resistance by having 
a workshop very early in the move to 
ITIL with about 40 of the company’s 
“best thinkers” in IT engineering and 
operations, she says. 

A decision to embrace ITIL wasn’t 
dictated by a senior manager but 
emerged from the workshop partici- 

Continued on page 42 
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Deerfield Beach, Fla., says the tools are often 
rigid and difficult to tailor to specific needs. 
And the ability to produce IT!L-compliant 
performance reports “is a common void in 
mosi support tools,” he says. “Producing a 
useful report requires an export of ticket data 
to a spreadsheet or a third-party database 
reporting tool. Both options increase com- 
plexity,” he explains. 

“The tools are still in their infancy,” says 
Kevin McLaughlin, security system manager 
at Procter & Gamble. He says it’s easy to find 
a tool that will support some small number of 
ITIL functions, but a company wishing to au- 
tomate support for all of ITIL will require 
multiple software products. 


rity. “In today’s environment, as security-conscious as we are 
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more at the forefront,” he says. 

Willa Fabian, an IT vice president at Earth- 
Link, agrees. “We kind of had to invent our 
own security management implementation,” 
she says. “Even today, that’s a pretty weak 


ANDY SNOW 


\ a i 
& In today's envi- 
ronment, as 
security-CONSCIOUS aS 
we are and as many 
attacks as companies 
get, security should be 
more at the forefront. 


Fabian says she'd like to see ITIL include 
more implementation specifics. “Instead of 
just, ‘Release management is a good thing,’ 
there isn't really a lot about how to define it in 
an operational way that people can act upon,” 
she says. 

And George Spaulding, a consultant at ITIL 
consultancy Pink Elephant, faults ITIL for its 
weakness in knowledge management. 

Many ITIL components, such as service 
desk, incident and problem management, 
require a historical repository of incidents, he 


says. But ITIL doesn’t say how to create it, 


security system manager, 
Procter & Gamble 


what should be in it and where to get the infor- 
mation. “It’s just assumed you'll have a knowl- 


edge base of incidents, with resolution and 
McLaughiin says ITIL itself is weak in its treatment of secu- fixes,” he says. “Many of the ITIL tools have knowledge man- 


and as many attacks as companies get, security should be 


Continued from page 40 

pants. “It was a huge change, but we 
could always tie it back to, ‘This came 
from your recommendations,” Fabian 
says. 

After the workshop, corporate-level 
“process owners” were named for 
each major ITIL area — change man- 
agement, problem management and so 
on — and corresponding subprocess 
owners were named within each of 
EarthLink’s service departments. As 
ITIL was rolled out, regular meetings 
among these people ensured consis- 
tency across the entire company, ac- 
cording to Fabian. 

Forrester analyst Jean-Pierre Gar- 
bani recommends that companies take 
a very flexible approach to ITIL. Oth- 
erwise, he says, ITIL will suffer the 
same fate as some of the ideas for soft- 
ware development process improve- 
ment from the 1980s. “There was the 
creation in companies of ‘process po- 
lice, and the result was that no one is 
using those process improvement 
methodologies anymore,” he says. 

Instead, “send a couple of guys to 
get certified and use them as resident 
experts,” says Garbani. “Lead a couple 
of seminars to initiate the company to 
ITIL. Make sure people understand 
that the library is there for reference, 
and use it as a source of education.” 





While the degree to which compa- 
nies embrace ITIL varies considerably, 
any reasonably rigorous adoption of 
ITIL is no small job. Fifth Third Bank, 


| whose IT budget is $250 million, spent 


$1.2 million in the first year to imple- 
ment three ITIL processes. “We still 
have a long way to go,” Strunk says, 
adding that the whole thing will take 
three to five years total. 


Taking Stock 


Most ITIL practitioners say it’s essen- 
tial to do a thorough self-assessment 
at the beginning, both to pinpoint 
those areas most in need of improve- 
ment and to establish a baseline to 
measure improvements against. 

The assessments can range from in- 
expensive in-house efforts, based on 
free templates from the ITSMF, to six- 
figure consulting engagements, says 
Tom Lydon, service desk and data cen- 
ter manager at Thomson Legal & Reg- 
ulatory, an Eagan, Minn.-based unit of 
The Thomson Corp. that provides in- 
formation services to professionals in 
the legal, tax and accounting fields, 
among others. 

Lydon says ITIL “foundation” train- 
ing, based on a three-day course, got 
the middle tier of IT managers at 
Thomson well on board. But that’s not 
enough. “One of the things we strug- 





agement built in, but it’s a function ITIL doesn’t really address.” 
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gle with is we have to continually sell 
the need for process investments up 
the chain,” he says. 

Despite the difficulties, George 
Spaulding, executive consultant at 
Pink Elephant, a Toronto-based ITIL 
consultancy, cautions against buying 
ITIL support software right away. 
“Tools will not make process; they will 
just automate your existing process,” 
he says. 

Another temptation is to start your 
ITIL initiative by building a configura- 
tion management database. The data- 
base is “the center, the one place where 
everything in ITIL intersects,” Spauld- 
ing says. But he suggests that you hold 
off if you don’t have one already. 

“Wait until you have put in a couple 
of processes, like service desk, inci- 
dent and problem [management],” he 
says. Why? A configuration manage- 
ment database does nothing in isola- 
tion; it’s useful only as it supports oth- 
er processes. 

Meanwhile, P&G’s McLaughlin ad- 
vises being patient and persevering 
while moving to ITIL. “It’s very time- 
consuming to get technologists to un- 
derstand that it’s OK to reboot a serv- 
er without understanding immediately 
why it went down,” he says. “There’s a 
lot of retraining, a lot of cultural 
change.” @ 57555 
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HOW DO YOU MANAGE 
IT SERVICES PROCESSES? 


(multiple responses allowed) 


ITIL 39% 


61% 
Other methods 59% 


HOW CRITICAL 1S ITIL T0 
IT PROCESS MANAGEMENT? 


pra Te 
Not at all 


Notso critical 


critical 
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Somewhat 
Critical 


45% 


Very critical 


HOW WELL DO YOU UNDERSTAND ITIL? 


Understand at conceptual 
and detailed 
level 


Never heard 
of ITIL 


94% 11% 


Familiar only at 
conceptual level 


Heard of 
ITIL but don’t know 
much about it 


BASE: 195 GLOBAL IT PROFESSIONALS 
SOURCE: INTERNATIONAL NETWORK SERVICES INC., 
SANTA CLARA, CALIF., SEPTEMBER 2004 


WHAT MODELS ARE YOU PLANNING TO 
STANDARDIZE ON FOR IT OPERATIONS? 


ITIL only 31% 
ITIL and ISO 9000 or Six Sigma 19% 
ITIL and Cobit or CMM 13% 
Six Sigma only 7% 
Cobit only 4% 
CMM only 3% 
1S0 9000 only 3% 

Ailof the above 1% | 

None of the above 19% I 





YOUR JOB IS TO KEEP SYSTEMS AND APPLICATIONS RUNNING. 
OUR MISSION IS TO KEEP PEOPLE AND INFORMATION CONNECTED. 
LET’S WORK TOGETHER. 


Continuous access to information no matter what. That's 
Information Availability. It's what your employees, suppliers and 
customers demand every minute of every day. But to deliver it 
flawlessly, you need a massive global infrastructure, redundant 
systems and diverse networks being monitored and supported 
by skilled technical experts at secure facilities. That’s exactly 
what SunGard provides. 


As a result, we can offer you a higher level of availability and 
Save your company, on average, 25% versus building the 
infrastructure yourself. Plus, it’s a vendor neutral solution that 
lets you control your data,applications and network while giving 
you the flexibility to adjust to the changing needs of your 
business. But best of all, it lets you spend more time solving 
business problems and less time solving technical problems. 


For years, companies around the world have turned to 
SunGard to restore their systems when something went 
wrong. So, it’s not surprising that they’re now turning to us 
to mitigate risk and make sure they never go down in the 
first place. 


You want your network and systems to always be up and 
running. We want the same thing. Let’s get together. To 
learn more, visit www.availability.sungard.com or call 
1-800-468-7483. 
| Keeping People 
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Top Reads 


We've all seen the polls that show C++ and 
Java to be in great demand right now. So, 
what are IT professionals reading? Appar- 
ently, many of them are boning up on 
these hot skills. The top five books 
accessed from the ITPro section of 
Books24x7.com recently: 


pend 
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THON, by Todd Lammle (Sybex, 2005) 
Page compiled by Jamie Eckle. 





I’D BE A CHICKEN, SO 
THAT | MIGHT BECOME 
CHICKEN SOUP 


Liz Ryan lays into some “Stupid Interview 
Questions” in a Sept. 21 column on Business 
Week Online. Some of the questions are obvi- 


| ous in their inanity (“If you were an animal/a 


can of soup/some other random object, which 
one would you be?”), but what does she have 
against “What in particular interested you about 
our company?” Ryan acknowledges that it’s a 
reasonable question on one level, but she says 
that for most of us, “the most appealing thing 
about any job is that you got the darned inter- 
view.” As Ryan writes, “Come on, people! There 
are millions of thoughts in the human brain. Can 
we change the ones we use in job interviews 
every decade or so?” 
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Presland-Byrne 


YT (el and (12) 
Pelgceey(e(elaL 


Ort a ad 
wide Servicing Systems Develop- 
ment unit, Countrywide Financial 
Corp., Calabasas, Calif. 


CEU thts) Mm ULM US) 
guest Premier 100 IT Leader, an- 
swering readers’ questions about 
certification, choosing course 
Ne UM eee ie mere ma 
NOURI N cme Me i (ry eM OOM OIL Com Ce) 
pose to one of our Premier 100 IT 
Leaders, Send it to askaleader@ 
PULA ela OMe MLL MU LCL) 
ifm Um) mre 


There is so much to learn, and so little 
time. | am a Web administrator. What 
kinds of certificates are worthwhile? 
This is an interesting and much-debated top- 
ic. Sometimes certifications help during the 
recruitment process, but that depends on the 
hiring manager and the requirements for the 
role. All| can do is speak from experience: 
When I’m selecting candidates, real-world ex- 


perience matters significantly more than certi- 


fications. In the field of Web administration, | 
would suspect there are a multitude of stan- 


' dards and guidelines, particularly in the area 


www.computerworld.com 


of security. Web site security skills are in de- 
mand, and being up to date and accredited by 
a recognized body would be beneficial. [For 
more on certifications, go to QuickLink 
56336.] 


1 am majoring in data communications 
and information systems. | have three 
remaining subjects: Perl programming, 
databases and project management. 
Would it be more beneficial to substitute 
one of these for a business subject? 
Against the high-level topics of databases and 
project management, Perl programming 
would be the one to substitute. | remember 
learning the virtues of BBC Model B Basic, 
and | can honestly say I've never had to write 
asingle business application using it. Howev- 
er, if Perl programming is the only one that will 
educate you about object-oriented concepts 
and design considerations, then perhaps you 
should leave it on your schedule. 


How can | convince my managers that 
they will benefit from sending employ- 
ees to training? The best way to justify any- 
thing is to explain what's in it for others. You 
have to explain why training is important to 
your managers, and you need to provide them 
with materials that they can use to justify 
training to their superiors. Continuous learning 
and improvement are critical parts of any 
organization. IT managers should look at IT 
projects that support the business goals and 
ensure that there is an IT strategy in place that 
maps out the achievement of those goals, in- 
cluding having the proper skills. It’s possible 
that you could identify a real gap between the 
strategy and the organization's ability to 
achieve it. @ 57478 
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Forrester Research Inc. tries to make sense of the next generation of IT workers in a 
report called “Get Ready - the Millennials Are Coming!” Millennials, a.k.a. the Gener- 
ation Y cohort, are those born between 1980 and 2000, and Forrester says employ- 

ers will have to use some new tactics to engage them in their jobs. The report makes 
some valid points in comparing baby boomers with their young replacements (for ex- 
ample, people born in 1980 became familiar with computers at a much younger age 

than those born in 1946), and it uses lots of statistics to back up its conclusions, in- 

cluding the following chart from its Consumer Technographics 2005 North American 
Benchmark Study, a mail survey to 68,661 North American househoids. 


AGE 18-34 
AGE 35-54 


AGE 55+ ES 19°% 


Question to Forrester: if this same question had been asked in 1971, when the 
oldest boomers were turning 25, how different would the responses have been? 
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Human Nature 
of Managemen 


@ Resonant Leadership, by Richard Boyatzis 
and Annie McKee (Harvard Business 
School Press, 286 pages, $25.95). 
T A TIME WHEN the integrity 
of corporate leadership has 
been called into question 
after the accounting scandals 
at Enron and WorldCom, American 
business and IT managers could use a 
few heroes. And it’s under these most 
uncertain of circumstances, the au- 
thors tell us, that “resonant leaders are 
stepping up, charting paths through 
unfamiliar territory and inspiring peo- 
ple in their organizations, institutions 
and communities.” 

In their 2002 best-seller, Primal 
Leadership: Realizing the Power of Emo- 
tional Intelligence, co-authored with 
Daniel Goleman, Boyatzis and McKee 
explained how great leaders employ 
emotional intelligence to build solid 
relationships with those around them. 
Here, the authors describe how leaders 
can create resonant relationships with 
other business managers and foster 
relationships among teams in the 
organization. 





Boyatzis and McKee draw 
heavily from cognitive psy- 
chology and other social sci- 
ences to underscore just what 
makes great leaders and what 
separates them from ordinary 
people. Much of their focus is on steps 
that people can take to deliver contin- 
uous leadership by drawing upon the 
three core qualities that resonant lead- 
€rs must develop: mindfulness, hope 

d compassion. Among their recom- 

nendations for leaders are visualizing 


F positive and realistic outcomes of 


strategies and making the effort to un- 
derstand and improve working condi- 
tions or situations for others. 

The authors use effective examples, 
such as the hope that helped Norwe- 
gian biathlete Ole Einar Bjoerndalen 
progress from a good athlete to one 
who won four gold medals in a single 
Olympics and the compassion that 
Tom Sharbaugh exhibited as managing 
partner and chief operating officer at 
Morgan, Lewis & Bockius LLP, which 
motivated other lawyers to act for the 
greater good of the firm. 

This is a good read for anyone who’s 
already a strong leader as well as any- 
one who aspires to be one. Sometimes 
we need to be reminded of the emo- 
tional strength that helps make great 
people great leaders. 


@ Human Interactions: The Heart and Soul of 
Business Process Management, by Keith 
Harrison-Broninski (Meghan-Kiffer Press, 
304 pages, $39.95). 
AKING STEPS to optimize 
business processes and inte- 
grate them more effectively 
with other processes across 
the company is a popular pursuit for 
many organizations in search of effi- 
ciency gains. But all too often, project 
teams that are involved in business 
process management (BPM) efforts 


qe 


tend to focus too much on how 
systems interact with one an- 
other. They fail to adequately 
address the most important 
aspect of business processes: 
the people who are doing the 
actual work. As author Peter Fingar has 


said, “Processes don’t work; people do.” 


This book can be looked upon as a 
template for how to work on BPM 
projects from a people perspective. 
Harrison-Broninski, chief technology 
officer at Role Modelers Ltd. in the 
U.K., does a nice job of describing how 
people approach their work. He also 


offers steps that BPM project teams 
can take to coordinate the three legs 
that support the BPM stool: people, 
processes and technology. There are 
sections devoted to simple but critical 
topics such as how people communi- 
cate and how people work things out. 

Although the book feels a bit too 
scientific at times, the underlying 
approach provides readers and prac- 
titioners with a well-constructed 
methodology for managing the human 
elements of BPM. 
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® How to Cheat at IT Project Management, 
by Susan Snedaker and Nels Hoenig (techni- 
cal editor) (Syngress Publishing Inc., 576 
pages, $44.95). 

K, I HAVE TO ADMIT that 

I was enamored with the 

title of this book, and 

who wouldn’t be? Despite 
improvements that many project man- 
agement teams have made in deliver- 
ing IT projects over the past few years, 
including the evolution of project 
management offices to centrally co- 
ordinate projects and enforce the use of 
standard project management method- 
ologies, more than half of all efforts 
continue to run late, overbudget or 
out of scope. 

As the author points out, this book 
isn’t intended to provide readers with 
an exhaustive look at IT project man- 
agement. But what it sets out to do — 
and does quite well — is offer step-by- 
step guidance to IT project managers 

how to improve their project results. 
‘Snedaker, founder of IT and busi- 
mess consulting firm VirtualTeam 
onsulting LLC, does a thorough job 


) of covering important project issues 


from beginning to end, including how 
to define projects, create a project 
team, and organize and track projects. 
She also devotes a fair amount of space 
to exploring how to close out a project, 
including the elements that should be 
incorporated in the performance 
reviews of project team members. 

What I like most about the book is 
how clearly written it is. Snedaker 
avoids using mind-numbing project 
management jargon and writes in an 
easy-to-follow, almost conversational 
style. Also useful are the checklists 
and FAQs at the end of each chapter. 
@ 57577 


Reviewed by Thomas Hoffman. 
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| hope this monthly 
column will provide 
a lively exchange 

of ideas with IT 

TEU eee Mee 
best to answer your 
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care to respond, 
we'll run your com- 
ments alongside. 


How do you manage your sponsors 
5 when you have three different 

sponsors who have varied, often 
competing views of where a project should 
go? If you’ve got three sponsors, you 
don’t have a sponsor. It’s like saying 
you've got three first priorities. Just as 
there can be only one first priority, 
there can be only one sponsor. 

In your case, what you probably 
have, in fact, is a disorganized steer- 
ing committee that never meets and 
doesn’t have anyone in charge. As 
you’ve already figured out, that’s not 
a recipe for success. It’s the makings 
for gridlock, politics and resistance. 

As an IT person, you're going to find 
it rather difficult to manage the com- 
peting views of differing business peo- 
ple with different interests. 

What you need to do is recruit a pri- 
mary sponsor from the business side 
and make that person responsible for 
forging consensus among all the busi- 
ness stakeholders. Let the business 
people work together to debate and 
balance the various political interests. 


MANAGEMENT 


They are in a better position than you 
are to facilitate these important politi- 
cal situations. 

You then can take responsibility for 
forging the consensus among the tech- 
nical stakeholders (e.g., architecture, 
development, quality assurance, de- 
ployment, networking, operations, 
project management office and sup- 
port) and coordinating the meetings 
among the technical people. Together, 
you and the business sponsor can 
manage the negotiating process and 
work on gaining agreement on goals, 
process, product and constraints. 


| have a situation where | have lost 
Be = all professional respect for my 

manager. She is a very nice person 
but takes advice from her best friend, who is 
another manager here. We can’t implement 
any policy or process without her running to 
her friend to check it out. It appears that her 
friend is taking advantage of this by doing 
whatever he wants. Any advice? It sounds 
like you have at least three problems 
here: 1) your manager’s behavior, 2) 
your manager’s friend taking advan- 
tage of her and 3) your loss of respect 
for her. 

Let’s dispense with the easy one 
first, No. 2. Forget about doing any- 
thing about your manager’s friend 
unless he’s doing something patently 
illegal, demonstrably immoral or 
dangerously unethical. If he is, then 
consider going to your human re- 
sources representative or corporate 
counsel. 

As for No. 3, try to cut your manager 
a bit of slack. She’s probably not the 
bozo that you think that she is. Being a 
boss is a tougher and lonelier job than 
you probably realize. Resist the urge to 


judge her so quickly. You’ll always have 
the opportunity to do that later. And if 

you're going to be of help, judging will 

be an impediment. 

Now for the tough problem, No. 1. As 
for your manager’s behavior, it would 
help to know why she is going to her 
friend for so much advice. What is 
driving her to seek out such detailed 
counsel? Does she really respect the 
opinion of her friend? Is she afraid of 
her boss? Is she new to her job? Is she 
concerned about the judgments of her 
subordinates? Did she make a really 
bad mistake recently that she’s eager to 
avoid repeating? Is she up for a major 
promotion or overly cautious by na- 
ture? For some reason, she probably 
feels insecure or overly tentative about 
her position, her knowledge of the po- 
sition or her political strength. 

Chances are that if you think care- 
fully about the situation, she has some 
good reason for feeling and acting this 
way and is using her friend as a crutch. 

From the way you stated your ques- 
tion, I’m assuming that you like your 
boss, harbor no ill feelings toward her 
and would like to help her — and you 
— to be successful. 

Once you come up with a reason- 
able theory about what’s driving this 
behavior, you'll be in a better position 
to help. 

Your goal should be to get into 
the loop before she announces any 
new policies she and her friend have 
dreamed up. You want to become her 
trusted adviser. You may not be able 
to stop her from seeking advice from 
her friend, but you may be able to be- 
come a better source of help. 

But you can do this only if you really 
understand why your manager is doing 
what she’s doing. Next time she comes 
up with one of these new policies that 
you feel is wrongheaded, go to her of- 
fice and initiate a private conversation. 
Honestly seek to better understand her 
thinking behind the policy. Don’t issue 
any objections or opinions. Don’t chal- 
lenge her or be aggressive or threaten- 
ing. Just ask and listen carefully and 
sympathetically. 

Once you get an answer that makes 
sense, you'll be in a position to demon- 
strate your understanding of and em- 
pathy for her challenges. For example, 
if she says that the policy is meant to 
avoid miscommunication between de- 
partments, you can ask her, “Is this a 
response to your boss’s recent tirade 
over the missed connection between 
departments?” 

If you become a better adviser than 
her friend is, you may be able to save 
her bacon, and yours. @ 57566 
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Xtreme is looking for Computer 
Professionais (multiple open- 
ings) having Masters Degree or 
equivalent in CS, MIS, CIS 
Math, Tech, Bus, Engineering, or 
related up to two years of expe 
rience in information technology 
area. Responsible for architect 
analysis, design, develops, and 
implement applications and sys- 
tems using various applications 
and tools as well as in other 
computer related duties. Must 
have experience in any one of 
the following skills sets 


Active Directory and migrate 
S from NT using ADMT tool. 
ve, Veritas NetBackup 
SQL Server, Bloomberg 
e Directory, Oracle Forms: 
> Visual Basic, Unix 
and Windows NT. 
2. Oracle, DB2, CICS, COBOL 
MVS, OS 390, Test Director, Win 
Runner, Load Runner, PVCS 
Tracker, Developer 2000, C++ 
Visual Age, Visual Basic, and 
Windows NT. 
3. Weblogic, Apache, Web Ob- 
jects, Oracle, SAP, SQL Server. 
Forms6i, Reports Gi, Power- 
Builder, Crystal Reports, Perl. 
Java Script, .Net, Unix and 
Windows NT. 
4. Java, CORBA, VC++, ASP- 
Net, Weblogic, Apache, JSP. 
WS, Oracle, SQL Server, Clear 
Cas VS, EJB, Unix, Linux 
and Windows NT/2000 
5. Object Oriented Programming 
and Content and Document 
Management Solutions using 
Documentum e-Content server 
and J2EE, Weblogic, Web 
Sphere, Cold Fusion, Dream 
Weaver, Oracle, C# Net 
Framework, VC++, Visual Basic 
Solaris, and Windows NT/2090. 
(Requires only Masters Degree 
with no experience) 
6. Install, configure, administer, 
migrate and perform other relat- 
ed DBA activities using Apple 
Xserve, XRaid (LAN to WAN) 
UNIX based Mac OS X, Mac OS 
X Open Directory, Active Direc- 
tory, LDAP, File Maker Pro, Shell 
Script, Retrospect Server, BRU 
Server. 
7. Coordinate System Analysis 
Database Design, Coding, Test- 
ing and implementation of Orac- 
le Application on Linux, Unix and 
Windows NT/2000. Install, con- 
figure, administer, migrate and 
perform other related DBA activ- 
ities using ERD, DDL, Erwin 
Designer, Oracle internet Appli- 
cation Server, Weblogic, Apa- 
che, Tomcat, Oracle, SQL Ser- 
ver, ETL, OLTP, OLAP, and 
RMAN 


Will provide a competitive salary 
and benefits. Email resume to 
careers@xtremews.com or mail 
to Xtreme Worldwide Solutions 
Inc., 76 Northeastern Bivd 
Suite 29 A, Nashua, NH 03062 


Computer/Information Systems 
Manager-York, ME: Informatic 
Technologies inc. needs exp 
professionals, for multiple open 
ings, to plan, direct, coordinate 
activities in information systems 
using DB2, Oracle, Serviets 
Java, Weblogic, Rational Rose 
Visual SourceSafe, JBuilder 
Crystal Reports, streamline the 
IT process. Competitive salary 
with benefits. Please send 
resume to - Informatic 
Technologies —_ Inc Meadow 
Brook Plaza, 647 US Rt 1, Suite 
212, PO Box 2000, York, ME 
03909, Attn.: HR Department 


EDS is looking for an Infra- 
structure Specialist for its 
Philadelphia, Pennsylvania lo- 
cation to develop, test and pro- 
vide migration support for 
WebLogic and WebServers 
Requires Bachelors degree in 
Electronic Engineering and 
two (2) years of experience in 
installing, configuring and 
maintaining Ciuster Server 
UNIX and Volume Manager. To) 
apply, submit resume to Leo 
Lampman, Service Delivery 
Executive, EDS, 1500 Market 
Street Philadelphia, PA 
19102; in reference to 1117-J 


Numbers Only is looking for 
Computer Professionals (multi- 
ple openings) having Masters 
Degree or equivalent in CS 
MIS, CIS, Math, Tech, Bus, En- 
gineering, or related with up to 
two years of experience in infor- 
mation technology area. Re- 
sponsible for architect, analysis. 
design, develops, and imple- 
ment applications and systems 
using various applications and 
tools as well as in other comput- 
er related duties. Must have 
experience in any one of the fol- 
lowing skills sets 


1, Oracle, ADABAS, DB2, infor- 
matica, Powermart, Erwin, Bus- 
iness Objects, MQ Series, Java 
TOAD, VSS, Solaris, and Win- 
dows NT/2000 (Requires only 
one year of experience for this 
skill set) 

2. Struts Framework Technoio- 
gy. Java, J2EE, Weblogic, iPlan- 
et, Jboss, Oracle, Sybase, SQL 
Server, LDAP, C++, EJB, ANT, 
JUnit, Solaris and Windows NT/ 
2000 (Requires only one year of 
experience for this skill set) 

3. ERP Applications such as Or- 
acle and PeopleSoft, PeopleSoft 
HRMS Application, Solaris, Win- 
dows NT/2000, PeopleTools 
PeopleCode, SQR, Crystal Re- 
ports (Requires only Masters 
Degree with no experience) 

4. ERP Applications such as Or- 
acle and Oracle Financial Appli- 
cation and modules such as AR 
OM, GL, AP, Unix Windows 
NT/2000, Erwin, SQL*Loader 
Forms/Reports 6i, Java, and 
Shell Scripts (require Bachelors 
or equivalent in CS, MIS, CIS 
Eng (any field), Tech, Bus 
Accounting, Commerce, or Math 
with 2 years of experience in the 
skills) 

5. Develop and direct Oracle 
testing procedures, program- 
ming and documentation. Devel- 
op technical specifications and 
design policies, procedure and 
workflows using Interworid Com- 
merce Exchange, Haht Com- 
merce, VB, Java, Broadvision, 
Unix, and Windows NT/2000 
(require Bachelors or equivalent 
in CS, MIS, CIS, Eng (any field) 
Tech, Bus, or Math with 2 years 
of experience in the skills) 


Will provide a competitive salary 
and benefits. Email resume to 
resumes@numbersonly.com or 
mail to Numbers Only, Inc., 21 
Technology Drive, West Leban- 
on, NH 03784 


Business Analyst needed w/ 
Bach in Bus. Admin. or Comp 
Science & 2 yrs to research 
analyze & gather business 
reqmts of comprehensive client- 
server trading s/ware applic 
Test & impimt s/ware using 
Weblogic, Jboss, Java, XML. 
SOAP, Oracle, MS SQL on 
Windows & Unix platforms. Plan 
& perform testing using Star 
Team & Test Director on Win- 
dows. Mail resumes to: Triple 
Point Technology, Inc., 301 
Riverside Ave., Westport, CT 
06880. Job loc: Westport, CT or 
in any unanticipated locs in US 


Software engineer: Des- 
ign, Develop, install su- 
pport software including 
GUl-based applications, 
intergrate financial data 
banks. Master in com- 
puter science plus two 
years experience as 
software engineer. Send 
resume to: Robert Hirt, 
Najarian Loans, Inc., 
3201 Danville bivd. Ste. 
195, Alamo, CA 94507. 


Research Applications Develop- 
er. Chicago, IL. Responsible for 
developing a series of scripts 
and applications, utilizing Perl 
and Sybase, that will acquire’ 
various types of raw data and for 
loading them into the Research 
Applications data warehouse 
Perform database administra- 
tion to include daily checkouts to 
make sure that data has been 
acquired, cleansed, and upload- 
ed into the RA data warehouse 
Identify new sources of data 
define data models used for 
internally representing data 
sources, develop scripts/proces- 
ses for acquiring data, and 
develop additional scripts/pro- 
cesses for cleansing data 
identify, model, implement, and 
store any type of preprocessing 
required to produce derived 
analytic data. Responsible for 
identifying reporting require- 
ments, and working with the 
business response team to heip 
transition knowledge about the: 
various reports in order to facili- 
tate the team's ability to support 
the use of these reports in our 
production environment. Will uti- 
lize C++ programming lan- 
guage, SQL, XML parsing and 
UNIX scripting 


Qualifications include a Master's 
degree in computer science or 
related field. Must have three (3) 
years of relevant experience 
Must have experience in the fol- 
lowing: Perl and C++ program. 
ming language; Sybase SQL 
database administration; XML 
parsing; and, UNIX background 
including scripting 


Qualified candidates should 
submit a cover letter and 
resume, job reference R-0037. 
to itjobs0037 @citadeigroup.com. 
Principals only need apply. 
CITADEL IS AN EQUAL OP- 
PORTUNITY EMPLOYER 


Programmers, Software Con- 
sultants, Programmer Analyst, 
DBAs, Systems Analyst, En- 
gineering Programmers, and 
Software Engineers: MS or BS 
required (foreign equivalent 
accepted), plus 1 to 2 years of 
experience. Will accept a suit 
able combination of experi- 
ence, training and education in 
lieu of stated education. Travel 
and Relocation required. Multi- 
ple Openings Available. Con- 
tact: Carla Sridharan, Everest 
Consulting Group, 3840 Park 
Avenue, Suite 203 Edison, NJ 
08820. REF: ENJRIRS. 


Web application developer for 
large Las Vegas Internet-based 
business. Design and develop 
software applications; develop 
and maintain comprehensive 
security for networks, systems 
and servers. 2-4 years experi- 
ence or BS or higher, preferably 
in computer science, math or 
electrical engineering. Expertise 
in Cold Fusion MX and certifica 
tion as ADVANCED Cold Fu- 
sion MX developer highly desir 
able. Fluent English a must 
Respond to eBizAutos, 10300 
W. Charleston Bivd., No. 13- 
120, Las Vegas, NV 89135. 


Wood Group Pressure Con 
trol, LP seeks Network Engin- 
eer II to work in Houston, TX 
Coordinate all network engi- 
neering functions to ensure 
continuous production consis- 
tent with established stan- 
dards of international energy 
services group. Candidate 
must have Bachelor's in Com- 
puter Science and 2 yrs. expe- 
rience in job offered. Submit 
resume to Melanie Moore at 
fax: 832-325-4296 or mail to 
3250 Briarpark Dr., Ste. 100. 
Houston, TX 77042. Put job 
code NE1105 on resume. 


Find out how to-get the most out of 
your job search and your career. 


Computerworld’s 
Careers Knowledge 
Center 


Get the latest industry news, as well 
as valuable job- seeking and career 
enhancement advice. 


Read about IT-related issues such as: 
Hiring/recruiting 


Education/training 
Consulting/contracting 
Skills 


Remember, knowledge is power, 
and the Careers Knowledge Center 
is the place to get it! 


Go to www.computerworld.com today. 
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Lead IT Engineer/ 

Computer Information 
& System Manager: 
Yugma is seeking a highly moti- 
vated IT manager to manage 
and lead high performance 
embedded multimedia software 
project for ARM-based architec- 
ture in Windows CE and Linux, 
various multimedial file formats 
and transport protocols in Min- 
neapolis. Position requires a 
bachelor’s degree or equivalent 
degree in computer science or 
related Computer fields, and 
minimum of five years of work 
experience working with the 
embedded system. Send appli- 
cations to: Lingaraj, Yugma, Inc., 
fax (952)400-5839. No phone 
calls please 


ATTENTION 


Law Firms 
ce 
Staffing Agencies 


Place your 
Labor 
Certification ads 
here! 

Are you frequently placing 


legallimmigration 
advertisements? 


Let us help you put together a 
cost effective program that will 
make this time-consuming 
task a little easier. 


Call 
800-762-2977 


it|careers 


COMPUTER PROGRAM- 
MER: Writes, tests & 
maintains computer pro- 
grams using existing soft- 
ware to implement pro- 
grams for production, 
sales, inventory control & 
accntg. F/T. Bachelor's 
degree. No exp reqd. Mail 
resume to K. Yerganyan, 
Designed By Scorpio Inc, 
3046 Rosslyn St., LA, CA 
90065. 


SOLA2000 INC. needs Sr. 
Software engineer with exp 
in Cisco Call Manager, 
Unity Express, VOIP-SIP, 
MGCP/NCS, H.323, SS7 
Softswitch, Radius & billing 
servers, TDM. Database-SQL, 
Oracle 10g. Firewalls, VPN, data 
& network security, netegrity 
siteminder. Solaris, Linux, Bsd 

shell scripting. Master's degree 
in CS or EE, 1-2 yrs exp req'd 
depending upon position, we 
also accept any suitable combi- 
nation, training & exp. Travel 
and/or relocation required. Attn 
HR Manager, SOLA2000 INC. 1 
Austin Ave, Iselin, NJ, 08830. 


Database Administrator: 
Glass Lewis & Co. LLC 
Optimize, manage & 
maintain database sys- 
tems. Send resume to 
Director of IT, 575 Market 
Street, 16th Floor, San 
Francisco, CA 94105 or 


fax (415) 357-0200. EOE 


Ads Placed Weekly 





Didn't find the IT 
Career Opportunity 
you were looking for? 


Zee eee eae 


Check back weekly for 


fresh job listings placed 


by top companies 


looking for skilled IT 


professionals like you! 
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Trustek, Inc. Consulting firm is 
seeking Software Engrs. w/MS 
'& min. 1 yr. exp or equiv. & Prog. 
Analysts w/BS & 3 yrs. exp. or 
equiv. Travel/Relo required any- 
where in US 


. C++, NT, UNIX, Shell, Sy- 

base, .Net Studio, VB.Net, ASP. 
Net, SQL Server, JavaScript 
VBScript, CORBA, ASP, COM/ 
DCOM, Crystal Reports, Archi 
tecture, Erwin, Developer 2K 
PL/SQL, SQL*Plus, Forms. 
Reports, Designer 2K, Modeling. 
Java, JSP, XML, XSL, J2EE 
EJB, WebSphere, WebLogic. 
UML, Rational Rose, JDK, Data- 
Warehousing, ETL, OLAP, infor 
matica, Cognos, Brio, Business: 
Objects, SUN, Solaris, HP-UX 
Veritas, EMC, SAN, OpenView, 
Oracle Clinical, ClinTrial, SAS 
FDA regulations, Validations. 
Oracle Applications, nQuery. 
PeopleTools, PeopleCode, Peo- 
pleSoft, SAP R/3, SapScript. 
SmartScript, Docs, ALE, EDI 
BASIS, ABAP, BW, APO, SEM. 
SCM, ITS, Adaytum, Cognos 
Business Suite 


Applicant should also have exp. 
in interface w/hardware & soft- 
ware, provide functional imple 
mentation, config, train, analyze 
implement, code, test, backup. 
install, manage, customize, tun- 
ing, AS-IS study, Internet/Intra- 
net applications, stored proc 

dures, triggers. Create database 
tools, tables, files, roles, index 
ies, space management and re- 
organize. Apply w/resumes to 
Attn: Recruiter, 6 Kilmer Road. 
Suite Q, Edison, NJ 08817 


Software Engineer 
(Parlin, NJ) 


IT consulting comp for its clients 
nationwide seeks software engi 
neers with M.S. and 2 yr of exp. 
or B.S. and 5 yr of progressive 
exp in 

+ Java/J2EE tech. Also, req. at 
least 2 yrs exp. in fin app! w/ adv 
Java Imaging tech. inc!. JAI API 
Snowbound Raster Master Java 
Imaging Toolkit, Java Encryption 
and Cryptography and XML on 
Oracle and SQL db environ. 

+ Analysis, des, dev and deploy 
ment of fin s/w sys w/ adv graph- 
ic utilities for customer specific 
data analysis, data visualization 
with 3D graphical images, gen- 
eration of highly customizable 
reports and secured web ser- 
vices using .NET tech, VC++ 
TGS Open Inventor Graphics 
Library, Inter and Intra Process 
Comm, SOAP, XML, XSi, SQL 
Server and SQL Reporting 
Services. 

Systems Administrators w/ exp 
in Unix & Web Appl. Server 
Admn for providing supp in pro- 
duction, dev, testing and staging 
environ 

Send resume to: HR, Resource 
Logistics Inc., 499 Ernston Rd. 
B-12, Parlin, NJ 08859 


IT CAREER OPPORTUNITIES 


CA (CORP HO is in CA. Current 
worksite is Broomfield CO and 
other sites throughout the U.S. 
as assigned) - 

Software developer - BA/BS 
Will accept addni yr of employ- 
ment for every yr of college not 
completed. In addition to BA/BS. 
position requires 2 years of exp 
with Scopus, TCL, Java, and 
Siebel 


CT - Computer Scientist - BS. 
Will accept addni yr of employ- 
ment for every yr of college not 
completed. In addition to BS. 
position requires 1 year with 
MVC, J2EE, JSP, Javascript 
Serviets, HTML 


The flexibility to travel and be on 
call may be necessary. Proof of 
legal authorization to work in the 
U.S. is required 


Please forward your resume to 
Computer Sciences Corp., Attn 
J. Le, 2100 E. Grand Ave., Mail 
Code A209, El Segundo, CA) 
90245. Please indicate the spe- 
cific occupation and location for 
which you are applying 


Radiant Systems Inc., a nation- 
wide technology provider with 
offices in NJ, CT, Tx & FL re- 
quires managers, team leaders. 
and professionals at entry, mid 
and senior levels in the areas of 
systems and program analysis, 
software engineering and devel- 
opment, network engineering 
and administration, database 
administration, web design and 
development, technical writing 
and marketing. Master's degree 
in a relevant field and 1-3 years 
of experience or bachelor's 
degree with 2-5 years experi- 
ence required. Proficiency in 
several of the following skills is 
expected C,C++ Java,Java- 
Script,XML,UML,Perl, HTML 
SQL,Pro*C, VB,PB, VC++,.MFC 
SDK, Gupta-SQL, Informix, Cry- 
stal Reports,Sybase, Dev 2000. 
Lotus Notes,Unix,Win NT/95/XP, 
RTOS,Sun OS, Help Desk/PC- 
Support,SAP R/2-R/3, ABAP/4 
SAP Scripts, PeopleSoft, DMS. 
AS/400, COBOL/CICS/DB2, 
MVS, RPG/400,SQA, Win/Load 
Runner, SNMP, COBRA, ASP, 
Active-X,DTM/TDMA,FDMA, 
LAN, WAN, Proxy, Wild Packets. 
Cisco works, !OS, Concord 
nGenius, VPN, Pix, Qos, Rout- 
ers, DSP/ATM,FRAME RELAY, 
TCP/IPISDN, DCOM, COM 
PL/1,SAS, Vx-Works. VHDL 
SONET/SDH, SNMP,HP Open- 
View,Proj Mgr,Tech Writers. We 
require a tertiary degree w/ rele- 
vant experience. Excel. Bene- 
fits, travel and relocation re- 
quired E-Mail radiants@ 
radiants.com Attn: H.R. Dept. 
109-A Corporate Blvd, S 
Plainfield, NJ 07080. 


Computer/information Sys- 
tems Manager-Manhattan 
Eclaro Intl, Inc. needs exp 
Professionals to plan direct, 
coordinate activities in infor- 
mation systems using Orac- 
le Financials, MQ Series, 
COM/DCOM, ASP, Crystal 
Reports, COM+. Streamline 
the IT process. Competitive 
Salary with benefits. Please 
send resume to Ecliaro Intl 
Inc. 200 West 57th Street, 
NY, NY10019. Fax 212- 
258-2115 


TECHNOCREST SYSTEMS. 
INC. - Worth, IL Seeking a Com- 
puter Support Specialist to pro- 
vide technical assistance to 
computer systems users in per- 
son, via telephone or from re- 
mote location for multiple posi- 
tions. Travel to client office work 
stations to handle troubleshoot- 
ing and repair and perform war- 
ranty services for DELL, Com- 
paq, Apple and IBM desktop and 
laptop computers. Requires 
Bachelor's degree in Computer 
Science or Electronic Engineer- 
ing. Send Resume to: Human 
Resources, Technocrest Syst- 
ems, Inc. 3125 S. Pickwick 
Place, Springfield, MO 65804 
job code: TSI0593 


EDS is looking for a Human Re- 
source Specialist Senior for its 
Plano, Texas location to provide 
specialized support for human 
resource related programs, poli- 
cies and initiatives. Requires 
Bachelors degree in Actuarial 
Science and three (3) years of 
experience in creating, deploy- 
ing and administering global 
graded structure and job evalua- 
tion method. To apply, submit 
resume to Pat Simmons, Global 
Compensation/incentive 
Strategy & Design Manager, 
EDS, 5400 Legacy Drive, Plano, 
TX 75024; in reference to 1120- 
J 
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ITM Business Consultant/Project Lead. Implement range forecasting me- 
thodology using real pricing option approach within Purchasing & Supply 
to reduce premium cost payments & volume shortages within company 
supply chain. Lead & execute multi-million dollar intl projects involving 
large numbers of subordinates & sub-contractors, emphasizing total qual- 
ity of IT infrastructures, mapping business processes up front, analyzing 
processes to identify & reduce non-value-added steps & eliminate “vital 
few” root causes of process deficiencies to increase overall profitability & 
quality. Interview vendors & customers at initial planning phase to specify 
requirements. Use process improvement tools & methodologies to 
streamiine divergent philosophies among project stakeholders & reduce 
overall process deficiencies. Interface between business customers & 
Dept to manage projects & solve problems with roots in multiple depts 
including Sales & Marketing, Procurement & Supply, Finance, Engrg, & 
Mfg. Lead cross-functional teams to facilitate consensus between depts 
Disassemble complex tasks into assignable work packages. Solicit & pre- 
sent abstract customer ideas in concrete forms such as flow charts. 
Design systems & applications to streamline development systems for 
new vehicles, maintaining holistic understanding of design process in 


order to integrate all aspects of projects 


appropriately. implement soft 


ware systems using LCM process, including initiation, requirements gath 

ering, systern testing, & final implementation. Assess value of projects to 
align cost with output. Coordinate offshore vendors & measure vendor 
performance. Assess projects to ensure that contractual obligations such 
as risk, deadlines, & cost are met. Measure business customer satisfac 

tion using ITM Project Quality Index (PQ!). MBA, Finance or Supply Chain 
Management. One year of exp. in job or Related Occupation of Deputy 
General Manager. One year of Related Occupation experience must 
include leading & executing multi-million dollar int! construction or other 
Projects involving large numbers of subordinates &/or sub-contractors 
emphasizing total quality of IT infrastructures, mapping business process: 
es up front, analyzing processes to identify & reduce non-value-added 
steps & eliminate “vital few’ root causes of process deficiencies to 
increase overall profitability & quality, which may be concurrent with 
Related Occupation experience. Apply to Vivica Richter, DaimlerChrysler 


Corporation, CIMS 485-08-44 
48326 


Business System Analysts 
Team Leader, wanted by propri 
etary trading firm loc in Chicago 
to review, assess, assign & 
monitor duties, responsibilities 
tasks & projects to team mem- 
bers involved in the dvipmt of 
automated black-box trading 
systms for securities trading 
Utilize cutting edge dvipmt 
analysis & performance testing 
tools, & modeling techniques. 
incl statistical/mathematical & 
complex systm modeling, Gen- 
etic & Evolutionary Algorithms. 
automated Artificial Agent-based 
modeling, unconventional opti- 
mization techniques & std tech’! 
analysis. Must have MS Deg in 
Comp Sci or Engg & 6 mos exp 
in job offd or any System Analyst 
Position. Mail resume to: Renee 
Whittingham, Jump Trading 
LLC 600 W. Chicago, Ste. 825 
Chicago, |L 60610. No calls 


Systems Analyst. Design syst 
resolve issues of virus and inter- 
ferences. Tools: Java, C/C++, Perl, 
SQL, PL/SQL, CORBA ar 

WebLogic. Req. 3 yrs. exp. or as 
a Prog analyst with tools above. 
Senior Application Analyst 
Programmer. R/D call Server 
‘Switch, succession, migration, SS7 
PRI, DAL, Tandem Trunks, VoIP, 
Batch processes. Tools: PL/SQL. 
Scripts, J2/SSE/J2EE, XML, SAX. 
JDBC. Req. BElectronic Eng. w/2 
yrs. exp. or as an App. Analyst Prog 
Software Engineer. R/D spec 
bus. web-based applic., create 
PUSQL routines. Tools: J2EE 
JAVA, JSP, HTML, NML, EJB 
Req. MBA w/t yr. exp 
Send resume to M. Amaran 
JMA Chartered, 10551 Barkley, 
Ste. 400, Overland Park, KS 66212 


Software Engineer: Req'd BS 
in CS or Engr + 2yrs exp & 
ability in Enterprise Plumtree 
Portal s/ware, Crystal Reports 
C#, .Net, IIS & Java to dvip. 
support apps/modules in exist 
ing portal applics; perform MS- 
SQL performance tuning & 
data-modeling to support 
warehouse & complement 
apps. Dsgn & dvip modules for 
SQL server & other MS tech- 
nologies. Debug existing mod- 
ules & w/DBA. Guggenheim 
Services NY, NY. E-mail CV to) 


1000 Chrysler Drive, Auburn Hills, Mi 


Trinuc seeks software analyst to 
develop One-Warehouse project 
to agglomerate data sources 
using Oracle9i, {TPapers.com 
Recent aBusiness intelligence- 
Data Warehousing White 
Papers. Require MS/BS+5yr IT 
exp. Send resume to 830 S 
Buffalo Grove Rd, #105, Buffalo 
Grove, IL 60089 


HIDEF Technologies seeks IT 
Consultants. Duties: design 
develop, administer & imple 
ment software, computer & data- 
base using various skills such as 
Oracle, DB2, Java, EJB 
WebTech, SAP, VB, C/C++, etc 
Travel required Apply at 
info@hideftech.com. EOE 


Computer Professionals need- 
ed (Princeton Junction) NJ 
based IT firm, Jr. Level Posi 
tions Programmer Analysts. 
Software Engineers, Systems 
Analysts, to Develop, create 
and modify general computer 
applications software or special- 
ized utility programs. Analyze 
user needs and develop soft 
ware solutions. Sr. Level Posi- 
tion, [T Managers, MIS Manag- 
ers, ITS Directors needed to 
Plan, direct, or coordinate activ 
ities in such fields as electronic 
data processing, information 
systems, systems analysis, and 
computer programming. Apply 
with 2 copies of resume to 
H.R.D, 22nd Century Technolo 
gies, Inc, 186 Princeton Highs 
town Rd, Building 3A, Princeton 
Junction, NJ 08550. 


Team Leader (MIS Software 
Application) needed w/Masters 
in Comp Sci or Engg or Math & 
tyr exp to dsgn & prgm object 
oriented S/W & GUls inci gener 
ating dsgn diagrams, writing 
specs, coding & testing using 
Java, CORBA, Swing, C & C++ 
on Unix, Linux & Windows. Write 
Unix scripts using Korn Shell 
Bourne Shell, awk & Peri to con 
figure, build, load data & monitor 
S/W systm. Apply d/base systm 
to perform data processing 
using proprietary D/base Mgmt 
Systm, Oracle & Pro*C. Write 
SQL queries for S/W. Troubie- 
shoot systm failure, diagnose 
errors & fix bugs. lyr exp as Sr 
Systms Analyst is acceptable 
Mail resumes to: Algomod Tech- 
nologies Corp., 116 John St, Ste 
1406, NY, NY 10038. Job Loca- 
tion: NY, NY. 
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NEWS 


E-voting Grows Without Consensus 


BY MARC L. SONGINI 
State and local election offi- 
cials, looking to meet federal 
voting regulations, are buying 
electronic voting gear despite 
a lack of best practices guid- 
ance and money. 
The deadline for meeting 
the mandates of the Help 
America Vote Act (HAVA), 
which requires that an e-voting 
machine be installed at every 
polling location, is the first 
election after Jan. 1, 2006. 


Governments are buying the 
gear in the midst of a continu- 
| ing controversy over the relia- 
bility and security of e-voting 
machines, the lack of a so- 
called paper trail of votes from 
some systems, and the fact that 
there are few lists of systems 
and best practices certified by 
state or federal agencies. 

Complaints last week from 
some election officials came 
days after the Government Ac- 
| countability Office issued a re- 





Freescale ClO Builds on IT Foundation 


BY THOMAS HOFFMAN 

It's a dream situation that most 
ClOs never get to experience - 
the chance to build an IT organi- 
Zation from the ground up. That's 
essentially what Sam 

Coursen is doing. 

Coursen, formerly ClO at 

NCR Corp., was hired as 

vice president and ClO 

in August by Freescale 
Semiconductor Inc. in 

Austin to help develop a 

set of world-class IT 

processes. Coursen dis- 

cussed his plans with Computer- 
world before heading to the IT 
Financial Management & Asset 
Management Summit in Orlando. 


Why did you leave NCR to 
join Freescale? At NCR, | went 
through the entire transforma- 
tion of IT. | felt that | did what I'd 
hoped to accomplish. | was will- 
ing to listen to offers, and | 
thought [Freescale] would be 

a good challenge. 


You were at NCR during 
some turbulent times. Over 
the seven years | was at NCR, 

| had seven different bosses. 

| worked for Mark Hurd [former 
NCR CEO, now Hewlett-Packard 
Co. CEO] the last couple of 
years. At the end, there wasn't 
a senior executive who was 
there when | started. 


What are your plans for Free- 
scale? | put on the calendar 
plans to put together an IT strat- 
egy with the CEO after two 
months. I've just gone through 
that. There are two areas 
| would mention. The first 
is that IT in and of itself is 
an important function 
with a lot of complexity. 
You have to understand 
where you are, break 
everything into detail, 
benchmark everything 
and drive efficiency in 
the IT process. A CIO [also 
must] help everyone else opti- 
mize their processes. 

A second area is supply 
chain. A certain amount of 
progress on having an applica- 
tion portfolio is part of this, but 
there are gaps. For instance, 
we have one instance of SAP, 
but not all of the functions are 
in there. That's partly true of 
legacy systems, too. 


What are some of those 
missing functions? Orders are 
placed into a legacy system first 
and then entered into SAP. What 
we're trying to do is optimize the 
supply chain, where IT can add 
value to the business. The more 
you can drive optimization and 
improve the yield out of these 
plants, it can be a huge benefit 
to the company. @ 57836 








port contending that questions 
about the security and accura- 
cy of electronic voting systems 
are likely to continue into the 
2006 elections. 

The GAO called on the U.S. 
Election Assistance Commis- 


| sion to define security policies 


and set up a machine certifica- 


| tion program. 


HAVA was passed after the 


| controversial 2000 presiden- 


tial election in order to correct 
shortcomings in voting prac- 
tices and equipment. It man- 
dates a number of changes to 
improve the reliability of bal- 
loting systems and processes. 
Voting districts not meeting 


| the deadiine face penalties is- 


sued by the U.S. Department 


| of Justice, said a spokeswoman 


for the Election Assistance 


| Commission, which is charged 
| with helping to implement 
| HAVA mandates. 


One of the bones of con- 


| tention is that no guidelines 
| have been set up to ensure 
that machines meet the feder- 


al requirements, officials said. 
For example, a number of 


| local officials want to imple- 


Continued from page 1 


Politics 


agement techniques and soft- 
ware would remove politics 
from discussions between IT 
and business executives about 


| which IT projects to fund. 


Those managers argued that 


| the tools can calculate and 


rank projects that are expect- 
ed to have the greatest impact 
on an organization by using a 


| variety of metrics, such as re- 


turn on investment, net pre- 
sent value and internal rate of 


| return. Some IT executives 
| said they believed that such 


rankings could defuse the po- 
litical wrangling that typically 
accompanies budgeting dis- 
cussions. 

But in hindsight, those 





Report Highlights 


A.GAO report to Congress this 
month said e-voting systems con- 
tinue to suffer from the following: 
® Design flaws 

= Poor security management 
= Incorrect configuration 

= Inadequate version controls 
® Security flaws that could 
encourage hackers 

= Ballots and audit logs that 
could be modified 


® Lack of widespread govern- 
ment certification of systems 


| ment e-voting systems that 


provide paper trails, but there 
are no federal criteria for do- 
ing so. 

“The [GAO] report buttress- 


| es what we've been saying,” 
| said Ion Sancho, supervisor 


of elections in Florida’s Leon 
County, which uses optical 


| scan devices that have to be 
| supplemented with e-voting 
| machines under the HAVA law. 


“There are concerns [that]} 
need to be addressed,” he said, 


| citing both potential electronic 
| and human errors. 


The government is forcing a 
rush into e-voting without 


proclamations were either 
naive or misguided, several 


| conference attendees said. 


“To be a successful CIO, you 
have to learn not to take sides 
in the budget battle,” said Russ 
Finney, vice president and 


CIO at Tokyo Electron Ameri- 
| ca Inc., an Austin-based sub 

| sidiary of Tokyo Electron Ltd. 
| that makes semiconductor 

| manufacturing equipment. 


Finney said he listens to all 
sides in discussions about 


| funding specific IT projects 


and tries to consider the dri- 


| vers behind each of them in 

| order to make an objective de- 
| cision. That technique is par- 

| ticularly useful when it falls 

| upon him to break a dead- 


| 


| locked vote, he noted. 


Still, Finney acknowledged 


| that the budgeting process at 
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| having established adequate 


technological guidelines, said 
Matthew Zimmerman, staff 


| attorney at the San Francisco- 
| based Electronic Frontier 


Foundation, a civil rights ad- 


| vocacy group that focuses on 
| technology issues. 


To ensure that e-voting ma- 


| chines are accurate, the com- 


monwealth of Pennsylvania 
mandated that vendors pro- 
vide source code, said Leonard 


| Piazza, director of elections in 


Luzerne County, Pa. 
Currently, Luzerne County 


| uses lever-activated devices, 
| but $5 million has been set 
| aside to buy e-voting machines, 


Piazza said. The county hopes 


| to buy machines that offer pa- 


per trails but is awaiting a list 
of machines that have been 
certified by the state, he said. 
The matter of vote validity 
aside, there is still the cost to 


consider, said some officials. 


For example, Lubbock County, 
Texas, installed $2.6 million 
worth of e-voting machines 
from Austin-based Hart Inter- 


| Civic Inc., said County Com- 


missioner Ysidro Gutierrez. 


| The cost “was a financial bur- 
| den to the county,” Gutierrez 


said. @ 57866 


| Tokyo Electron “is very poli- 
| tical. That’s why we only do 
| budgets every six months — 
| if we had to do them every 


quarter, we'd be at each oth- 
er’s throats,” he said. 

Still, one IT executive at the 
conference said he sees an up- 


| side to the situation. 


“Some of the tools are pret- 


| ty slick, and some of them en- 
| able conversations to happen” 
| . 

| between IT and business exec- 


utives about which projects to 
fund, said Michael M. Blake, 


| vice president of finance for 


IT at Kaiser Permanente in 


| Oakland, Calif. 


“I'm a big advocate of con- 
versations, and we can use 


| these tools as a vehicle to drive 


those discussions and make 


| those decisions,” he added. 


@ 57870 
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Losers and Winners 


AS THIS SUIT REALLY NECESSARY? Last week, 
VeriSign and the Internet Corporation for As- 
signed Names and Numbers announced that 


they’re settling their lawsuit. What? You’ve forgot- 


ten exactly what VeriSign sued ICANN for? No 
surprise there. You have to think back more than two years, to when 
VeriSign got fed up with ICANN’s slow, politicized decision process 
and slammed a new service called Site Finder into place — a service 
that VeriSign hoped to make money from, but that some said threat- 


ened the stability of the Internet. 


Two years and plenty of shouting later, what have we got? 


Realistically, both sides lost. VeriSign, which 
keeps track of all .com domain names, had chal- 
lenged ICANN’s right to run the Internet; un- 
der the settlement, VeriSign agrees it won’t act 
in any way to undermine ICANN in the future. 
VeriSign also insisted two years ago that it 
could start up new domain-name-related ser- 
vices without ICANN’s permission; under the 
settlement, it can’t. 

Oh, and VeriSign previously claimed that all 
.com domain information was proprietary data 
that ICANN couldn’t have if ICANN stripped 
VeriSign of its rights as a registrar. Under the 
settlement, VeriSign’s domain name data will 
be kept in escrow and updated daily. If Veri- 
Sign’s agreement to run the .com registry is 
terminated or VeriSign goes bankrupt, all that 
data will go to a new .com registrar. 

On ICANN’s side, the Internet’s primary gov- 
erning body had claimed it could make deci- 
sions on the basis of whether competition was 
encouraged. No more; the settlement says all 
competition issues will be referred to the ap- 
propriate government agencies. 

And the loose and seemingly endless process 
ICANN used to make decisions 
about proposals for new services 
(VeriSign complained that some of 
its proposals were up in the air for 
years) is gone, at least for VeriSign. 
Now there’s a tight 90-day schedule 
for ICANN to submit VeriSign’s 
proposals to an expert committee 
and deliver a final decision based 
on the committee’s analysis. 

(Full disclosure: I suggested that 
kind of fast-track process should be 
set up almost exactly two years ago, 
after the first blowup over Veri- 
Sign’s Site Finder service. But I have 
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no reason to believe VeriSign and ICANN 
didn’t come up with the idea on their own.) 

So —- if both sides lost, did we really have to 
go through all this? The very public battle over 
Site Finder, an antitrust lawsuit that was thrown 
out, then a breach-of-contract suit that this 
agreement settles? 

Yeah, probably. 

Or at least VeriSign and ICANN had to go 
through it. See, even after the dot-com bust, 
there was plenty of Wild West left in the Inter- 
net. In 2003, the biggest gunslinger in town was 
VeriSign, while ICANN was the sheriff who did 
pretty much what he wanted. And when those 
two clashed, it was bound to be one gunfight af- 
ter another until someone finally put a stop to it. 

That someone would have been a judge if 
VeriSign and ICANN hadn’t settled last week. 
Two years ago, even last year, they weren’t 
ready. VeriSign had to slog through the legal 
mud and see its antitrust claims tossed out. 
ICANN had to watch its sloppy procedures 
exposed and know that the International Tele- 
communication Union was angling to take con- 
trol of the Internet away from ICANN. 

Now, bruised but wiser, VeriSign 
and ICANN are ready to put their 
cowboy suits away. No more gun- 
slinging, no more playing at Wild 
West. They’re ready to get down to 
the business of putting the Internet 
to work. 

Good for them. And good for the 
rest of us, too. 

Because if we end up with better 
Internet governance, more cooper- 
ation and improved stability and 
security, then — necessary or not 
— maybe VeriSign v. ICANN was 
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Think Different 

Panicked user reports that a CD-ROM not only won't 
play but won't eject, either. “She shoved the CD in the 
slit between the expansion bay covers,” says pilot fish 
who extracts the CD. “While she’s effusively thanking 
me, | tell her that I'm going to make sure she never has 
this problem again. | dig into my superimpressive tool 
bag that has one of everything in it and come up with 
a oll of clear tape - which | proceed to use to tape 
over all the slits between the expansion bays.” 
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you put the tape in here? : all my files?” Where 
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Pilot fish has tried for | Too Difficult 
weeks to get the CIO’s = Newly hired user to IT 
office at headquarters to : manager pilot fish: “My 
open a port in the fire- : Mouse pad is missing. 
wail so a contractor can ; Do you have another?” 
do his work. “The con- _: Fish: No, but you can get 
tractor had been on-site © an office supply catalog 
for a week by this time : from purchasing, pick 
and had only a week left : out one you like and 

to complete the job,” © have them order it. New 
says fish. “Finally, in ex- hire leaves ~ only to 
asperation, one of our —_ return minutes later: 
techs sent a spreadsheet | “My boss says you have 
to the help desk outlining : to order me a mouse 
everything we had done | pad. She says you're the 
to get this request com- : only one who knows 
emcees oe oa 


YOU KNOW WHAT'S COMPATIBLE: True tales of T 

life. Send them to sharky@computerworld.com, and 
you'll score a sharp Shark shirt if | use yours. And check out 
the daily feed, browse the Sharkives and sign up for Shark 
Tank home delivery at computerworld.com/sharky. 
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